mahara-packaging team mailing list archive
-
mahara-packaging team
-
Mailing list archive
-
Message #00007
[Bug 556369] Re: SQL injection in username field
ACK to the jaunty and karmic debdiffs.
Updated packages will be published today.
--
SQL injection in username field
https://bugs.launchpad.net/bugs/556369
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in ubuntu.
Status in Mahara ePortfolio: Fix Released
Status in “mahara” package in Ubuntu: Invalid
Status in “mahara” source package in Lucid: Invalid
Status in “mahara” source package in Jaunty: Confirmed
Status in “mahara” source package in Karmic: Confirmed
Bug description:
Binary package hint: mahara
There is an exploitable SQL injection in the code used to generate new usernames.
I will attach here debdiffs for both jaunty and karmic.
For lucid, I will file a separate sync request.
( Also see upstream bug report at https://bugs.launchpad.net/mahara/+bug/534172 and the upstream security advisory at http://mahara.org/interaction/forum/topic.php?id=1713 )