mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Information disclosure exposing private messages
- User check to ensure they are conversation participant (LP: #888358)
- debian/patches/CVE-2011-2774.patch: upstream patch
- CVE-2011-2774
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
Date: Thu, 03 Nov 2011 22:32:45 +0000
Changed-By: Melissa Draper <[email protected]>
Maintainer: Mahara Packaging Team <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/mahara/1.4.0-1ubuntu0.1
Format: 1.8
Date: Thu, 03 Nov 2011 22:32:45 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source
Version: 1.4.0-1ubuntu0.1
Distribution: oneiric-security
Urgency: low
Maintainer: Mahara Packaging Team <[email protected]>
Changed-By: Melissa Draper <[email protected]>
Description:
mahara - Electronic portfolio, weblog, and resume builder
mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Launchpad-Bugs-Fixed: 888358
Checksums-Sha1:
01dd1214181fa95eed27f4a97f13bcbe5b6bbc1d 1928 mahara_1.4.0-1ubuntu0.1.dsc
268bd410eb330794881c843d9eff01e8d0a3dc94 29425 mahara_1.4.0-1ubuntu0.1.debian.tar.gz
Checksums-Sha256:
c804733b2ec87fe193ea5d75d87619c68713880eff58ffe2415a0fd4ac970586 1928 mahara_1.4.0-1ubuntu0.1.dsc
f7d5951de824d4b570d330d8a2d33732d26888b084ba22d31d5facfe069ca011 29425 mahara_1.4.0-1ubuntu0.1.debian.tar.gz
Files:
c298445ba4449e931b708987706bb286 1928 web optional mahara_1.4.0-1ubuntu0.1.dsc
baa04f3ec2fe092f7df01a63bb8ba07b 29425 web optional mahara_1.4.0-1ubuntu0.1.debian.tar.gz