Ubuntu
moodle package

Strange default MySQL administrator username (postgres) during install

Bug #327843 reported by Andreas Olsson on 2009-02-10

Affects		Status	Importance	Assigned to	Milestone
	moodle (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: moodle

During the install of Moodle you get to choose if you want to use a MySQL- or a PostgreSQL server. If you choose MySQL the next question is about which host to connect to and then you are asked the following:

"Please enter the PostgreSQL or MySQL administrator username, needed for the database creation."

The default value then is "postgres", which seems like a strange choice considering that you have just choosen to connect towards a MySQL server.

Would it be possible to have separate admin-user-questions depending on if MySQL or PostreSQL have been choosen earlier?

(No, not really a big issue, I know.)

moodle:
  Installed: 1.8.2-1.2ubuntu2
  Candidate: 1.8.2-1.2ubuntu2
  Version table:
*** 1.8.2-1.2ubuntu2 0
        500 http://archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

Related branches

lp:ubuntu/karmic/moodle

CVE References

Revision history for this message

JanBrinkmann (jbrinkmann) wrote on 2009-02-11:

Thank you for reporting this idea. That's the way to enhance and improve things in Ubuntu. I can confirm this behaviour on 8.10 x86 when I install the same version. Would be cosmetically nice if the username decision would depend on the choosen database.

Changed in moodle:
status:	New → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-02-26:

Download full text (4.8 KiB)

This bug was fixed in the package moodle - 1.9.4.dfsg-0ubuntu1

---------------
moodle (1.9.4.dfsg-0ubuntu1) jaunty; urgency=low

  * Merge with Debian git (Closes LP: #322961, #239481, #334611):
    - use Ubuntu's smarty lib directory for linking
    - use internal yui library
    - add update-notifier support back in

  [Matt Oquist]
    * renamed prerm script
    * significantly rewrote postinst and other maintainer scripts to improve
      user experience and package maintainability
      (Closes LP: #225662, #325450, #327843, #303078, #234609)

moodle (1.9.4.dfsg-1) UNRELEASED; urgency=low

  * New Upstream Version (closes: #475535, #514284, #515823)
    (added notes/ and tag/ to debian/install)
  * Merge with Ubuntu:
    - drop use of wwwconfig (closes: #389502, #302205)
    - debian/postinst: ucf fixes (fixes a hang)

  * Remove preinst (no more direct upgrades from sarge)
  * Remove PHP4 support from the Apache config file we provide
  * Drop support for apache 1.x and remove from debconf
  * Add swedish debconf translation (closes: #511202)

  * Bump debhelper compatibility to 7
  * Add lintian overrides for known customised libraries
  * Add new license files to delete (lintian warning)
  * Compress the deb with bzip2
  * Add a watch file
  * Update copyright file

  Dependencies:
  * Depend on libjs-yui instead of yui (renamed after lenny)
  * Add dependency on unzip
  * Recommend php5-xmlrpc and aspell
  * Suggest clamav
  * Demoted mimetex to recommended

  Generated config:
  * Turn 'dbpersist' on by default in the generated config.php
  * Include whitespace warning at the end of generated config.php
  * Set the path to du, unzip and zip

moodle (1.8.2.dfsg-4) unstable; urgency=high

  * Improve the fix for log URL filtering as suggested by Steffen Joeris
    (MSA-09-0007 / CVE-2009-0500)
  * Backport upstream fix for calendar export leakage
    (MSA-09-0006 / CVE-2009-0501)

moodle (1.8.2.dfsg-3) unstable; urgency=high

  * Delete unused (but vulnerable) Spellchecker plugin to htmlarea
    (MSA-09-0005, CVE-2008-5153)
  * Hide images of deleted users (MSA-09-0001)
  * Fix user pix disclosure (MSA-09-0002)
  * Fix XSS vulnerabilities in HTML blocks (MSA-09-0004)
  * Fix XSS vulnerabilities in logs (MSA-09-0007)
  * Fix CSRF vulnerability in forum code (MSA-09-0008)

moodle (1.8.2.dfsg-2) unstable; urgency=high

  [ Dan Poltawski ]
  * Patch SQL injection bug in hotpot module (MSA-08-0010)
  * Fix XSS bug in logged urls (MDL-11414)
  * Fix XSS bug in install script (MSA-08-0004)
  * Fix insufficient access control in Login as feature (MSA-08-0003)
  * Profiles of deleted users were accessible allowing for spam (MSA-08-0015)
  * Deficincy in text cleaning functions allowed for XSS (MSA-08-0021)
  * Fix CSRF in messaging settings (MSA-08-0023)
  * Fix anonymous group creation and html injection (MDL-11759)
  * Fix SQL injection bug in mnet (MDL-9288)
  * Fix SQL injection bug in restore (MDL-11857)
  * Insufficient cleaning of essay questions (MDL-12079)
  * Fix insufficient cleaning of PARAM_HOST (MDL-12793)
  * Fix XSS bug in logged urls (MDL-11414)
  * Fix uncleaned params in wiki (MDL-14806)

[ Francois Marier ]
* Update ht...

This bug was fixed in the package moodle - 1.9.4.dfsg-0ubuntu1

---------------
moodle (1.9.4.dfsg-0ubuntu1) jaunty; urgency=low

* Merge with Debian git (Closes LP: #322961, #239481, #334611):
    - use Ubuntu's smarty lib directory for linking
    - use internal yui library
    - add update-notifier support back in

moodle (1.9.4.dfsg-1) UNRELEASED; urgency=low

Dependencies:
  * Depend on libjs-yui instead of yui (renamed after lenny)
  * Add dependency on unzip
  * Recommend php5-xmlrpc and aspell
  * Suggest clamav
  * Demoted mimetex to recommended

Generated config:
  * Turn 'dbpersist' on by default in the generated config.php
  * Include whitespace warning at the end of generated config.php
  * Set the path to du, unzip and zip

moodle (1.8.2.dfsg-4) unstable; urgency=high

* Improve the fix for log URL filtering as suggested by Steffen Joeris
    (MSA-09-0007 / CVE-2009-0500)
  * Backport upstream fix for calendar export leakage
    (MSA-09-0006 / CVE-2009-0501)

moodle (1.8.2.dfsg-3) unstable; urgency=high

moodle (1.8.2.dfsg-2) unstable; urgency=high

[ Francois Marier ]
  * Update html2text to prevent code execution attacks (closes: #508909)

moodle (1.8.2.dfsg-1) unstable; urgency=high

* Replace html2text with a GPL alternative (closes: #507947)
  * Fix XSS in the wiki module (CVE-2008-5432, closes: #508593)
  * Add Dan Poltawski to the uploaders field

moodle (1.8.2-2) unstable; urgency=high

* Adopt orphaned package (closes: #494642)
  * Acknowledge security NMU (closes: #489533, #432264)
  * Add Vcs-* fields to debian/control

Release-critical and security bugs:

* Depend on smarty instead of using the embedded copy that is shipped
    with Moodle (closes: #471158, #488525, #504345)
  * Patch security bug in the embedded (and customised) copy of phpmailer
    (CVE-2007-3215, closes: #429339, #429190)
  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)

Trivial bug fixes:

* Depend on zip (closes: #408995)
  * Add mysql-client as an alternative to postgresql-client
    (closes: #417554, #469094)
  * Recommend php5-ldap (closes: #425839)
  * Delete unnecessary script with bashisms (closes: #489634)

Lintian warnings:

* Bump Standards-Version to 3.8.0
  * Add homepage field to debian/control
  * Remove cvsignore file
  * Remove extra license file
  * Depend on yui instead of using an embedded copy

moodle (1.8.2-1.3) unstable; urgency=high

* Non-maintainer upload by the Security Team.
  * Fix broken HTML filtering which could be used to perform XSS attacks,
    bypass restrictions or possibly execute arbitrary code
    (CVE-2008-1502; Closes: #489533).

-- Jordan Mantha <laserjock@ubuntu.com>   Wed, 25 Feb 2009 15:16:22 -0800

Changed in moodle:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntumoodle package