the version control tab is generated from the cvs commit messages, I guess the easies way is to search for MDL-xx numbers in moodle git repository somehow.
In most cases it is better to spend time on testing the latest release instead of trying to backport stuff into old releases. Blind applying of patches may not be good approach, because the fixes might depend on other changes that were done previously in the stable branch.
The main reason for keeping the issues closed is that there is very often detailed exploit information in the tracker.
Security and privacy
tracker "permission violation" and security patches
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.