mahara-packaging team mailing list archive
-
mahara-packaging team
-
Mailing list archive
-
Message #00026
[Bug 602772] Re: Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
mahara (1.0.9-2ubuntu0.7) jaunty-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities
- debian/patches/CVE-2010-1667.dpatch: upstream patch
- CVE-2010-1667
* SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
- debian/patches/CVE-2010-1668.dpatch: upstream patch
- CVE-2010-1668
* SECURITY UPDATE: unsafe auth plugins configuration options
- debian/patches/CVE-2010-1670.dpatch: upstream patch
- CVE-2010-1670
* SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
- debian/patches/CVE-2010-2479.dpatch: upstream patch
- CVE-2010-2479
** Changed in: mahara (Ubuntu Jaunty)
Status: Fix Committed => Fix Released
--
Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/602772
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in ubuntu.
Status in “mahara” package in Ubuntu: Fix Released
Status in “mahara” source package in Lucid: Fix Released
Status in “mahara” source package in Maverick: Fix Released
Status in “mahara” source package in Jaunty: Fix Released
Status in “mahara” source package in Karmic: Fix Released
Bug description:
Please sync mahara 1.2.5-1 (universe) from Debian unstable (main)
Changelog entries since current maverick version 1.2.4-1:
mahara (1.2.5-1) unstable; urgency=high
* New upstream release
- multiple cross-site scripting vulnerabilities (CVE-2010-1667)
- multiple cross-site request forgery vulnerabilities (CVE-2010-1668)
- sql injection (CVE-2010-1669)
- unsafe auth plugins configuration options (CVE-2010-1670)
* Use system's version of HTML purifier (CVE-2010-2479)
* Add missing symlink to PEAR's File module to fix csv parsing
* Remove reference to the common BSD license in debian/copyright
* Bump Standards-Version to 3.9.0
-- Francois Marier <francois@xxxxxxxxxx> Mon, 05 Jul 2010 15:45:27 +1200
References