[ubuntu/oneiric-security] mahara 1.4.0-1ubuntu0.1 (Accepted)
Melissa Draper
melissa at catalyst.net.nz
Wed Nov 16 00:03:48 UTC 2011
mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low
  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771
  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772
  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773
  * SECURITY UPDATE: Information disclosure exposing private messages
    - User check to ensure they are conversation participant (LP: #888358)
    - debian/patches/CVE-2011-2774.patch: upstream patch
    - CVE-2011-2774
  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
Date: Thu, 03 Nov 2011 22:32:45 +0000
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>
https://launchpad.net/ubuntu/oneiric/+source/mahara/1.4.0-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 03 Nov 2011 22:32:45 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source
Version: 1.4.0-1ubuntu0.1
Distribution: oneiric-security
Urgency: low
Maintainer: Mahara Packaging Team <mahara-packaging at lists.launchpad.net>
Changed-By: Melissa Draper <melissa at catalyst.net.nz>
Description:
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
 mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Launchpad-Bugs-Fixed: 888358
Changes:
 mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: XSS in unvalidated URI attributes
     - Added a filter to sanitise user input urls (LP: #888358)
     - debian/patches/CVE-2011-2771.patch: upstream patch
     - CVE-2011-2771
 .
   * SECURITY UPDATE: DoS attack via invalid or excessively large images
     - Added a check to evaluate available memory before processing
       (LP: #888358)
     - debian/patches/CVE-2011-2772.patch: upstream patch
     - CVE-2011-2772
 .
   * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
     them to an institution
     - remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
     - debian/patches/CVE-2011-2773.patch: upstream patch
     - CVE-2011-2773
 .
   * SECURITY UPDATE: Information disclosure exposing private messages
     - User check to ensure they are conversation participant (LP: #888358)
     - debian/patches/CVE-2011-2774.patch: upstream patch
     - CVE-2011-2774
 .
   * SECURITY UPDATE: Prevent masquerading users from jumping as others
     - Added a check to prevent jumping as other users. (LP: #888358)
     - debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1:
01dd1214181fa95eed27f4a97f13bcbe5b6bbc1d 1928 mahara_1.4.0-1ubuntu0.1.dsc
268bd410eb330794881c843d9eff01e8d0a3dc94 29425 mahara_1.4.0-1ubuntu0.1.debian.tar.gz
Checksums-Sha256:
c804733b2ec87fe193ea5d75d87619c68713880eff58ffe2415a0fd4ac970586 1928 mahara_1.4.0-1ubuntu0.1.dsc
f7d5951de824d4b570d330d8a2d33732d26888b084ba22d31d5facfe069ca011 29425 mahara_1.4.0-1ubuntu0.1.debian.tar.gz
Files:
c298445ba4449e931b708987706bb286 1928 web optional mahara_1.4.0-1ubuntu0.1.dsc
baa04f3ec2fe092f7df01a63bb8ba07b 29425 web optional mahara_1.4.0-1ubuntu0.1.debian.tar.gz