mahara-packaging team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

2010-07-08 15:08:04 INFO      - <mahara_1.2.5.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
[Updating] mahara (1.2.4-1 [Ubuntu] < 1.2.5-2 [Debian])
 * Trying to add mahara...
2010-07-08 15:08:05 INFO      - <mahara_1.2.5-2.dsc: downloading from http://ftp.debian.org/debian/>
2010-07-08 15:08:05 INFO      - <mahara_1.2.5-2.debian.tar.gz: downloading from http://ftp.debian.org/debian/>
I: mahara [universe] -> mahara_1.2.4-1 [universe].
I: mahara [universe] -> mahara-apache2_1.2.4-1 [universe].


** Also affects: mahara (Ubuntu Maverick)
   Importance: Wishlist
       Status: Confirmed

** Changed in: mahara (Ubuntu Maverick)
       Status: Confirmed => Fix Released

-- 
Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/602772
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in ubuntu.

Status in “mahara” package in Ubuntu: Fix Released
Status in “mahara” source package in Lucid: New
Status in “mahara” source package in Maverick: Fix Released
Status in “mahara” source package in Jaunty: New
Status in “mahara” source package in Karmic: New

Bug description:
Please sync mahara 1.2.5-1 (universe) from Debian unstable (main)

Changelog entries since current maverick version 1.2.4-1:

mahara (1.2.5-1) unstable; urgency=high

  * New upstream release
    - multiple cross-site scripting vulnerabilities (CVE-2010-1667)
    - multiple cross-site request forgery vulnerabilities (CVE-2010-1668)
    - sql injection (CVE-2010-1669)
    - unsafe auth plugins configuration options (CVE-2010-1670)

  * Use system's version of HTML purifier (CVE-2010-2479)
  * Add missing symlink to PEAR's File module to fix csv parsing

  * Remove reference to the common BSD license in debian/copyright
  * Bump Standards-Version to 3.9.0

 -- Francois Marier <francois@xxxxxxxxxx>  Mon, 05 Jul 2010 15:45:27 +1200