mahara-packaging team mailing list archive

[Bug 602772] [NEW] Sync mahara 1.2.5-1 (universe) from Debian unstable (main)

 

Public bug reported:

Please sync mahara 1.2.5-1 (universe) from Debian unstable (main)

Changelog entries since current maverick version 1.2.4-1:

mahara (1.2.5-1) unstable; urgency=high

  * New upstream release
    - multiple cross-site scripting vulnerabilities (CVE-2010-1667)
    - multiple cross-site request forgery vulnerabilities (CVE-2010-1668)
    - sql injection (CVE-2010-1669)
    - unsafe auth plugins configuration options (CVE-2010-1670)

  * Use system's version of HTML purifier (CVE-2010-2479)
  * Add missing symlink to PEAR's File module to fix csv parsing

  * Remove reference to the common BSD license in debian/copyright
  * Bump Standards-Version to 3.9.0

 -- Francois Marier <francois@xxxxxxxxxx>  Mon, 05 Jul 2010 15:45:27 +1200

** Affects: mahara (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

** Changed in: mahara (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: mahara (Ubuntu)
       Status: New => Confirmed

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1667

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1668

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1669

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1670

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2479

-- 
Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/602772
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in ubuntu.

Status in “mahara” package in Ubuntu: Confirmed
