[ubuntu/lucid-security] mahara, mahara_1.2.4-1ubuntu0.4_i386_translations.tar.gz 1.2.4-1ubuntu0.4 (Accepted)
Melissa Draper
melissa at catalyst.net.nz
Wed Nov 16 00:10:25 UTC 2011
mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
Date: Wed, 02 Nov 2011 21:26:46 +0000
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/mahara/1.2.4-1ubuntu0.4
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 21:26:46 +0000
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.4-1ubuntu0.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Description:
mahara - Electronic portfolio, weblog, and resume builder
mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
Launchpad-Bugs-Fixed: 888358 888358 888358 888358
Changes:
mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low
.
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
.
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
.
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
.
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1:
0f80b97059dad6ce0c9dcdc54e04d6ddf2ed82b8 2021 mahara_1.2.4-1ubuntu0.4.dsc
b26a67d57a8baecaec83669a3b61dabeb90c0332 33691 mahara_1.2.4-1ubuntu0.4.debian.tar.gz
Checksums-Sha256:
b93634a0036cad625d7149b870a7f1616211091684bb7abced68610b435bc43e 2021 mahara_1.2.4-1ubuntu0.4.dsc
8bff4be087a60805f6dec46ebd9fc146dc724890736cb1a7a37b2662d4eebe87 33691 mahara_1.2.4-1ubuntu0.4.debian.tar.gz
Files:
fcf3d1c47721c9f1f7723af77b58c346 2021 web optional mahara_1.2.4-1ubuntu0.4.dsc
3742c2a2b56ec2ccbcca290339c87d58 33691 web optional mahara_1.2.4-1ubuntu0.4.debian.tar.gz
Original-Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>