mahara-packaging team mailing list archive

[François Marier <francois@xxxxxxxxxx>]

Upstream advisories are here:

  http://mahara.org/interaction/forum/topic.php?id=3539
  http://mahara.org/interaction/forum/topic.php?id=3540
  http://mahara.org/interaction/forum/topic.php?id=3541
  http://mahara.org/interaction/forum/topic.php?id=3542
  http://mahara.org/interaction/forum/topic.php?id=3543

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/780917

Title:
  Major security updates for Mahara

Status in “mahara” package in Ubuntu:
  New

Bug description:
  Binary package hint: mahara

  Here are packages to fix a number of very serious security issues in
  all versions of Mahara:

   * fixes to session key validation (CSRF)
   * privilege escalations
   * information disclosure in AJAX calls
   * https to http downgrade
   * sanitisation of HTML emails