mahara-packaging team mailing list archive

[Bug 780917] Re: Major security updates for Mahara

 

Thanks for the patches!

Adding ubuntu-security-sponsors to subscribers as per
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue  (which is why this
didn't show up on our reports and wasn't tended to yet).

** Also affects: mahara (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: mahara (Ubuntu Maverick)
   Importance: Undecided
       Status: New

** Also affects: mahara (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: mahara (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/780917

Title:
  Major security updates for Mahara

Status in “mahara” package in Ubuntu:
  Fix Released
Status in “mahara” source package in Lucid:
  Triaged
Status in “mahara” source package in Maverick:
  Triaged
Status in “mahara” source package in Natty:
  Triaged
Status in “mahara” source package in Oneiric:
  Fix Released

Bug description:
  Binary package hint: mahara

  Here are packages to fix a number of very serious security issues in
  all versions of Mahara:

   * fixes to session key validation (CSRF)
   * privilege escalations
   * information disclosure in AJAX calls
   * https to http downgrade
   * sanitisation of HTML emails