mahara-packaging team mailing list archive
-
mahara-packaging team
-
Mailing list archive
-
Message #00059
[Bug 780917] Re: Major security updates for Mahara
All of these patches were tested in their respective distro versions.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1402
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1403
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1404
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1405
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1406
--
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/780917
Title:
Major security updates for Mahara
Status in “mahara” package in Ubuntu:
New
Bug description:
Binary package hint: mahara
Here are packages to fix a number of very serious security issues in
all versions of Mahara:
* fixes to session key validation (CSRF)
* privilege escalations
* information disclosure in AJAX calls
* https to http downgrade
* sanitisation of HTML emails
