[ubuntu/natty-security] mahara, mahara_1.2.7-1ubuntu0.2_i386_translations.tar.gz 1.2.7-1ubuntu0.2 (Accepted)

[Melissa Draper]

mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch

Date: Wed, 02 Nov 2011 21:50:04 +0000
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/mahara/1.2.7-1ubuntu0.2
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 21:50:04 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source
Version: 1.2.7-1ubuntu0.2
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Description: 
 mahara     - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
 mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Launchpad-Bugs-Fixed: 888358
Changes: 
 mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low
 .
   * SECURITY UPDATE: XSS in unvalidated URI attributes
     - Added a filter to sanitise user input urls (LP: #888358)
     - debian/patches/CVE-2011-2771.patch: upstream patch
     - CVE-2011-2771
 .
   * SECURITY UPDATE: DoS attack via invalid or excessively large images
     - Added a check to evaluate available memory before processing
       (LP: #888358)
     - debian/patches/CVE-2011-2772.patch: upstream patch
     - CVE-2011-2772
 .
   * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
     them to an institution
     - Session check added (LP: #888358)
     - debian/patches/CVE-2011-2773.patch: upstream patch
     - CVE-2011-2773
 .
   * SECURITY UPDATE: Prevent masquerading users from jumping as others
     - Added a check to prevent jumping as other users. (LP: #888358)
     - debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1: 
 986efe02d74387dd7da9a79d64be5690590b0324 2041 mahara_1.2.7-1ubuntu0.2.dsc
 e046cbdb0aab052b9eb7e25c46223a0aa6801729 28866 mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Checksums-Sha256: 
 8f082fa3b738d21fb168d2f880aa4c4682367d87c98fb57cb4e7eaae904242e2 2041 mahara_1.2.7-1ubuntu0.2.dsc
 bb9294dbdd1ab8fb130c948d7023575cb9219ceea8f98732ba8b5b80f24af74e 28866 mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Files: 
 0a2c56a84eb35c9e19fcd36b627149d8 2041 web optional mahara_1.2.7-1ubuntu0.2.dsc
 4a039d1b6fe76ba42655e7e961957376 28866 web optional mahara_1.2.7-1ubuntu0.2.debian.tar.gz
Original-Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>