← Back to team overview

mahara-packaging team mailing list archive

  1. mahara-packaging team
  2. Mailing list archive
  3. Message #00054

[Bug 676336] Re: Blogs get deleted without sesskey check

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package mahara - 1.2.5-2ubuntu0.1

---------------
mahara (1.2.5-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2011-0439.dpatch: upstream patch
    - CVE-2011-0439
    - LP: #676336
  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
    - debian/patches/CVE-2011-0440.dpatch: upstream patch
    - CVE-2011-0440
 -- Francois Marier <francois@xxxxxxxxxx>   Fri, 25 Mar 2011 16:38:51 +1300

** Changed in: mahara (Ubuntu Maverick)
       Status: Fix Committed => Fix Released

** Changed in: mahara (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/676336

Title:
  Blogs get deleted without sesskey check

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.3 series:
  Fix Released
Status in “mahara” package in Ubuntu:
  Fix Released
Status in “mahara” source package in Lucid:
  Fix Released
Status in “mahara” source package in Maverick:
  Fix Released
Status in “mahara” source package in Natty:
  Fix Released

Bug description:
  Permissions are checked but the sesskey is neither passed nor checked
  e.g. artefact/blog/index.php?delete=123
  Thread PreviousDate PreviousThread Next