mahara-packaging team mailing list archive

Thread
Date
[Bug 958841] Re: Minor security update for Mahara

To: mahara-packaging@xxxxxxxxxxxxxxxxxxx
From: Bryce Harrington <958841@xxxxxxxxxxxxxxxxxx>
Date: Thu, 22 Mar 2012 18:47:02 -0000
Reply-to: Bug 958841 <958841@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Description changed:

- Here are patches to fix a minor security issue in lucid, maverick, natty
- and oneiric versions of Mahara
+ [Impact]
+ <fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
+ 
+ [Development Fix]
+ <fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
+ 
+ [Stable Fix]
+ <fill me in by pointing out a minimal patch applicable to the stable version of the package.>
+ 
+ [Text Case]
+ <fill me in with detailed *instructions* on how to reproduce the bug.  This will be used by people later on to verify the updated package fixes the problem.>
+ 1.
+ 2.
+ 3.
+ Broken Behavior: 
+ Fixed Behavior: 
+ 
+ [Regression Potential]
+ <fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected. 
+ 
+ [Original Report]
+ Here are patches to fix a minor security issue in lucid, maverick, natty and oneiric versions of Mahara
  
  The issue affects both 1.2.x and 1.4.x
  
-  * Fix default config for sites with multiple SAML instances
-    - Default configuration changed to prevent impersonation
-    - https://mahara.org/interaction/forum/topic.php?id=4367
+  * Fix default config for sites with multiple SAML instances
+    - Default configuration changed to prevent impersonation
+    - https://mahara.org/interaction/forum/topic.php?id=4367

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/958841

Title:
  Minor security update for Mahara

Status in “mahara” package in Ubuntu:
  Confirmed
Status in “mahara” source package in Lucid:
  Confirmed
Status in “mahara” source package in Maverick:
  Confirmed
Status in “mahara” source package in Natty:
  Confirmed
Status in “mahara” source package in Oneiric:
  Confirmed
Status in “mahara” source package in Precise:
  Confirmed

Bug description:
  [Impact]
  <fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>

  [Development Fix]
  <fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >

  [Stable Fix]
  <fill me in by pointing out a minimal patch applicable to the stable version of the package.>

  [Text Case]
  <fill me in with detailed *instructions* on how to reproduce the bug.  This will be used by people later on to verify the updated package fixes the problem.>
  1.
  2.
  3.
  Broken Behavior: 
  Fixed Behavior: 

  [Regression Potential]
  <fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected. 

  [Original Report]
  Here are patches to fix a minor security issue in lucid, maverick, natty and oneiric versions of Mahara

  The issue affects both 1.2.x and 1.4.x

   * Fix default config for sites with multiple SAML instances
     - Default configuration changed to prevent impersonation
     - https://mahara.org/interaction/forum/topic.php?id=4367

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/958841/+subscriptions