[ubuntu/maverick-security] mahara, mahara_1.2.5-2ubuntu0.3_i386_translations.tar.gz 1.2.5-2ubuntu0.3 (Accepted)
Melissa Draper
melissa at catalyst.net.nz
Wed Nov 16 00:08:38 UTC 2011
mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low
  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771
  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772
  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773
  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
Date: Tue, 08 Nov 2011 18:59:14 +1300
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/mahara/1.2.5-2ubuntu0.3
-------------- next part --------------
Format: 1.8
Date: Tue, 08 Nov 2011 18:59:14 +1300
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.5-2ubuntu0.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Description:
mahara - Electronic portfolio, weblog, and resume builder
mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
Launchpad-Bugs-Fixed: 888358
Changes:
mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low
.
  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771
.
  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772
.
  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773
.
  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1:
f7f75998ffd4254085de1a08fa6dd4773ee9e7ca 2021 mahara_1.2.5-2ubuntu0.3.dsc
ceed8ef28c83b57be311adad7ea50f64c801dbc8 28563 mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Checksums-Sha256:
67b419154b2e1772f96f5ee39ff3a2d3649ec11941c99a7aacc122dd84a8fa83 2021 mahara_1.2.5-2ubuntu0.3.dsc
a3df6822600621aa6acd31b4be75e165edf2fefddd2b5c56ed2ed8ff015cbc2d 28563 mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Files:
7950654850cf2f3112f15211aabf5868 2021 web optional mahara_1.2.5-2ubuntu0.3.dsc
0510d8f5a49e4ea1dec18f15807980a7 28563 web optional mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Original-Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>