mahara-packaging team mailing list archive

Thread
Date

[Bug 780917] Re: Major security updates for Mahara

To: mahara-packaging@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Wed, 11 May 2011 05:30:14 -0000
Reply-to: Bug 780917 <780917@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Patch added: "Patch for the natty package (1.2.7-1)"
   https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/780917/+attachment/2123975/+files/natty.deb.diff

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/780917

Title:
  Major security updates for Mahara

Status in “mahara” package in Ubuntu:
  New

Bug description:
  Binary package hint: mahara

  Here are packages to fix a number of very serious security issues in
  all versions of Mahara:

   * fixes to session key validation (CSRF)
   * privilege escalations
   * information disclosure in AJAX calls
   * https to http downgrade
   * sanitisation of HTML emails