[ubuntu/natty-security] mahara, mahara_1.2.7-1ubuntu0.2_i386_translations.tar.gz 1.2.7-1ubuntu0.2 (Accepted)
Melissa Draper
melissa at catalyst.net.nz
Wed Nov 16 00:06:57 UTC 2011
mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771
  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772
  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773
  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch

Date: Wed, 02 Nov 2011 21:50:04 +0000
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/mahara/1.2.7-1ubuntu0.2
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 21:50:04 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source
Version: 1.2.7-1ubuntu0.2
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Description:
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
 mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Launchpad-Bugs-Fixed: 888358
Changes:
 mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low
 .
   * SECURITY UPDATE: XSS in unvalidated URI attributes
     - Added a filter to sanitise user input urls (LP: #888358)
     - debian/patches/CVE-2011-2771.patch: upstream patch
     - CVE-2011-2771
 .
   * SECURITY UPDATE: DoS attack via invalid or excessively large images
     - Added a check to evaluate available memory before processing
       (LP: #888358)
     - debian/patches/CVE-2011-2772.patch: upstream patch
     - CVE-2011-2772
 .
   * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
     them to an institution
     - Session check added (LP: #888358)
     - debian/patches/CVE-2011-2773.patch: upstream patch
     - CVE-2011-2773
 .
   * SECURITY UPDATE: Prevent masquerading users from jumping as others
     - Added a check to prevent jumping as other users. (LP: #888358)
     - debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1:
986efe02d74387dd7da9a79d64be5690590b0324 2041 mahara_1.2.7-1ubuntu0.2.dsc
e046cbdb0aab052b9eb7e25c46223a0aa6801729 28866 mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Checksums-Sha256:
8f082fa3b738d21fb168d2f880aa4c4682367d87c98fb57cb4e7eaae904242e2 2041 mahara_1.2.7-1ubuntu0.2.dsc
bb9294dbdd1ab8fb130c948d7023575cb9219ceea8f98732ba8b5b80f24af74e 28866 mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Files:
0a2c56a84eb35c9e19fcd36b627149d8 2041 web optional mahara_1.2.7-1ubuntu0.2.dsc
4a039d1b6fe76ba42655e7e961957376 28866 web optional mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Original-Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>