Hello, I have just uploaded moodle 1.8.2.dfsg-1 to unstable which fixes CVE-2008-5432. It fixes another release-critical bug (dfsg-related) so I will be requesting a freeze exception for it unless you want to push that upload through a security update. Cheers, Francois