If you are a user of the Moodle packages on Debian or Ubuntu (or any other derivative), see Debian Security Advisory 1986-1.
Code:

Package        : moodle
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2009-4297 CVE-2009-4298 CVE-2009-4299 CVE-2009-4301 CVE-2009-4302 CVE-2009-4303 CVE-2009-4305
Debian Bugs    : 559531

Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-4297
    Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered.

CVE-2009-4298
    It has been discovered that the LAMS module is prone to the disclosure of user account information.

CVE-2009-4299
    The Glossary module has an insufficient access control mechanism.

CVE-2009-4301
    Moodle does not properly check permissions when the MNET service is enabled, which allows remote authenticated servers to execute arbitrary MNET functions.

CVE-2009-4302
    The login/index_form.html page links to an HTTP page instead of using an SSL secured connection.

CVE-2009-4303
    Moodle stores sensitive data in backup files, which might make it possible for attackers to obtain them.

CVE-2009-4305
    It has been discovered that the SCORM module is prone to an SQL injection.