[Bug 602772] Re: Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
Jamie Strandboge
jamie at ubuntu.com
Thu Jul 8 18:29:14 BST 2010
mahara (1.2.4-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities
- debian/patches/CVE-2010-1667.patch: upstream patch
- CVE-2010-1667
* SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
- debian/patches/CVE-2010-1668.patch: upstream patch
- CVE-2010-1668
* SECURITY UPDATE: SQL injection
- debian/patches/CVE-2010-1669.patch: upstream patch
- CVE-2010-1669
* SECURITY UPDATE: unsafe auth plugins configuration options
- debian/patches/CVE-2010-1670.patch: upstream patch
- CVE-2010-1670
* SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
- depend on php-htmlpurifier and stop using the bundled version
- CVE-2010-2479
** Changed in: mahara (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/602772
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list