Change log for mahara package in Ubuntu

Deleted in trusty-release on 2015-05-01 (Reason: (From Debian) RoQA; unmaintained, not in stable, RC buggy...)
Obsolete in saucy-release on 2015-04-24
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
mahara (1.5.1-3.1) unstable; urgency=high


  * Non-maintainer upload.
  * SECURITY UPDATE: Fix a cross-site scripting (XSS) vulnerability
    which allowed remote attackers to inject arbitrary web script or
    HTML via the query parameter.
    - debian/patches/CVE-2012-2253.patch
    - Closes: #695789

 -- Luca Falavigna <email address hidden>  Sun, 23 Dec 2012 14:53:41 +0100

Superseded in raring-release on 2012-12-26
Deleted in raring-proposed on 2012-12-27 (Reason: moved to release)
mahara (1.5.1-3) unstable; urgency=high


  * SECURITY UPDATE: Disable XML entity parsing to prevent XEE
    - debian/patches/CVE-2012-2239.patch: upstream patch

  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
    - Content passed to the error message was not escaped
    - Escape pieform errors displayed to users
    - debian/patches/CVE-2012-2243-0001.patch: upstream patch
    - XHTML files prone to embedded javascript
    - Prevent uploaded xhtml files from displaying verbatim
    - debian/patches/CVE-2012-2243-0002.patch: upstream patch

  * SECURITY UPDATE: Arbitrary file execution via clam path
    - Remove executable bit from existing uploaded files
    - debian/patches/CVE-2012-2244-0001.patch: upstream patch
    - Ensure future files will not be executable
    - debian/patches/CVE-2012-2244-0002.patch: upstream patch
    - Remove direct path option from web configuration
    - debian/patches/CVE-2012-2244-0003.patch: upstream patch

  * SECURITY UPDATE: Prevent click-jacking attacks
    - Add an HTTP header of X-Frame-Options to every page
    - debian/patches/CVE-2012-2246.patch: upstream patch

  * SECURITY UPDATE: Prevent SVG images being displayed
    - SVG images displayed inline
    - Adds SVG files to the list of files to not display by default
    - debian/patches/CVE-2012-2247.patch: upstream patch

 -- Melissa Draper <email address hidden>  Tue, 12 Nov 2012 04:08:09 +0000

Superseded in raring-release on 2012-11-16
Deleted in raring-proposed on 2012-11-17 (Reason: moved to release)
mahara (1.5.1-2.1) unstable; urgency=low


  * Non-maintainer upload
  * debian/mahara.preinst: Remove previous symlink that is replaced by a
    directory (closes: #690124)

 -- David Prévot <email address hidden>  Sat, 27 Oct 2012 22:10:31 -0400

Superseded in raring-release on 2012-10-29
Obsolete in quantal-release on 2015-04-24
mahara (1.5.1-2) unstable; urgency=high


  * SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities
    - Sanitize json-encode login form when injected by js
    - Sanitize links in links and resources menu
    - Sanitize file description for blog image editor
    - Add escaping to user_display_name by adding to dwoo template
    - debian/patches/CVE-2012-2237-0001.patch: upstream patch
    - debian/patches/CVE-2012-2237-0002.patch: upstream patch
    - debian/patches/CVE-2012-2237-0003.patch: upstream patch
    - debian/patches/CVE-2012-2237-0004.patch: upstream patch

 -- Melissa Draper <email address hidden>  Mon, 16 Jul 2012 09:37:07 +0000

Superseded in quantal-release on 2012-09-07
mahara (1.5.1-1) unstable; urgency=low


  [ Melissa Draper ]
  * New major upstream release
    - Improved password storage
    - Database triggers
    - php minimum version now 5.3

  * Drop dependency on Dwoo and use bundled version instead
  * Update versioned dependencies on Postgres and MySQL
  * Add libjs-jquery dependency
  * Bump Standards-Version up to 3.9.3
  * Bump debhelper compatibility to 9

  [ Francois Marier ]
  * Fix watch file
  * Update homepage URL in debian/control 
  * Update Alioth URLs

 -- Melissa Draper <email address hidden>  Thu, 31 May 2012 12:03:15 +1200

Superseded in quantal-release on 2012-06-01
Published in precise-release on 2012-04-02
mahara (1.4.2-1) unstable; urgency=high


  * New upstream release
  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation

 -- Melissa Draper <email address hidden>  Wed, 14 Mar 2012 01:53:32 +0000

Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
mahara (1.4.0-1ubuntu0.2) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation (LP: #958841)
    - debian/patches/saml_multi_default_config.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 21 Mar 2012 14:43:12 +1300
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
mahara (1.2.7-1ubuntu0.3) natty-security; urgency=low

  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation (LP: #958841)
    - debian/patches/saml_multi_default_config.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 21 Mar 2012 01:38:40 +0000
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
mahara (1.2.5-2ubuntu0.4) maverick-security; urgency=low

  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation (LP: #958841)
    - debian/patches/saml_multi_default_config.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 21 Mar 2012 00:23:05 +0000
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
mahara (1.2.4-1ubuntu0.5) lucid-security; urgency=low

  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation (LP: #958841)
    - debian/patches/saml_multi_default_config.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 21 Mar 2012 00:11:15 +0000
Superseded in lucid-updates on 2012-03-23
Superseded in lucid-security on 2012-03-23
mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 02 Nov 2011 21:26:46 +0000
Superseded in maverick-updates on 2012-03-23
Superseded in maverick-security on 2012-03-23
mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
 -- Melissa Draper <email address hidden>   Tue, 08 Nov 2011 18:59:14 +1300
Superseded in natty-updates on 2012-03-23
Superseded in natty-security on 2012-03-23
mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 02 Nov 2011 21:50:04 +0000
Superseded in oneiric-updates on 2012-03-23
Superseded in oneiric-security on 2012-03-23
mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Information disclosure exposing private messages
    - User check to ensure they are conversation participant (LP: #888358)
    - debian/patches/CVE-2011-2774.patch: upstream patch
    - CVE-2011-2774

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
 -- Melissa Draper <email address hidden>   Thu, 03 Nov 2011 22:32:45 +0000
Superseded in precise-release on 2012-04-02
mahara (1.4.1-1) unstable; urgency=low

  * New upstream release
    - CVE-2011-2771
    - CVE-2011-2772
    - CVE-2011-2773
    - CVE-2011-2774
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  14 Nov 2011 10:36:24 +0000

Superseded in precise-release on 2011-11-14
Obsolete in oneiric-release on 2015-04-24
mahara (1.4.0-1) unstable; urgency=low

  * New major upstream release
    - upstream .htaccess file has been removed

  * Add missing (empty) build targets in debian/rules (lintian warning)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  22 Jun 2011 09:36:11 +0000

Superseded in maverick-updates on 2011-11-16
Superseded in maverick-security on 2011-11-16
mahara (1.2.5-2ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch

  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch

  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch

  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch

  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch
 -- Francois Marier <email address hidden>   Tue, 10 May 2011 16:34:51 +1200
Superseded in natty-updates on 2011-11-16
Superseded in natty-security on 2011-11-16
mahara (1.2.7-1ubuntu0.1) natty-security; urgency=low

  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch

  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch

  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch

  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch

  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch
 -- Francois Marier <email address hidden>   Tue, 10 May 2011 16:36:06 +1200
Superseded in lucid-updates on 2011-11-16
Superseded in lucid-security on 2011-11-16
mahara (1.2.4-1ubuntu0.3) lucid-security; urgency=low

  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch

  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch

  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch

  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch

  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch
 -- Francois Marier <email address hidden>   Tue, 10 May 2011 16:33:40 +1200
Superseded in oneiric-release on 2011-06-22
mahara (1.3.6-1) unstable; urgency=high

  * New upstream release (major security fixes):
    - CVE-2011-1402
    - CVE-2011-1403
    - CVE-2011-1404
    - CVE-2011-1405
    - CVE-2011-1406

  * Fix versioned dependency of mahara-apache2
  * Drop mysql-server-5.0 recommendation
  * Bump Standards-Version up to 3.9.2
 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  11 May 2011 07:13:52 +0000

Superseded in oneiric-release on 2011-05-11
mahara (1.3.5-1) unstable; urgency=low

  * Major new upstream release
    - compatibility with HTML Purifier 4.3.0

  * Remove unused Mochikit lintian override
  * Update path of flowplayer in debian/rules
  * Fix more broken permissions in debian/rules
  * Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
  * Sync Uploaders field with Launchpad Team
 -- Ubuntu Archive Auto-Sync <email address hidden>   Sat,  30 Apr 2011 13:16:11 +0000

Superseded in lucid-updates on 2011-05-18
Superseded in lucid-security on 2011-05-18
mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2011-0439.dpatch: upstream patch
    - CVE-2011-0439
    - LP: #676336

  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
    - debian/patches/CVE-2011-0440.dpatch: upstream patch
    - CVE-2011-0440
 -- Francois Marier <email address hidden>   Fri, 18 Mar 2011 15:51:03 +1300
Superseded in maverick-updates on 2011-05-18
Superseded in maverick-security on 2011-05-18
mahara (1.2.5-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2011-0439.dpatch: upstream patch
    - CVE-2011-0439
    - LP: #676336
  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
    - debian/patches/CVE-2011-0440.dpatch: upstream patch
    - CVE-2011-0440
 -- Francois Marier <email address hidden>   Fri, 25 Mar 2011 16:38:51 +1300
Superseded in oneiric-release on 2011-04-30
Obsolete in natty-release on 2013-06-04
mahara (1.2.7-1) unstable; urgency=high

  * New upstream security release:
    - CVE-2011-0439 (XSS in select boxes)
    - CVE-2011-0440 (CSRF when deleting blogs)

  * Add Italian debconf translation (closes: #606378)
  * Add Danish debconf translation (closes: #597766)
  * Bump debhelper compatibility to 8
 -- Artur Rona <email address hidden>   Mon,  28 Mar 2011 22:07:25 +0000

Superseded in natty-release on 2011-03-28
mahara (1.2.6-2) unstable; urgency=medium

  * Move flowplayer.audio to the contrib package as well
  * Add an allow rule in apache.conf for flowplayer.audio

Superseded in lucid-updates on 2011-04-08
Superseded in lucid-security on 2011-04-08
mahara (1.2.4-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.patch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.patch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2010-1669.patch: upstream patch
    - CVE-2010-1669

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.patch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - depend on php-htmlpurifier and stop using the bundled version
    - CVE-2010-2479
 -- Francois Marier <email address hidden>   Thu, 08 Jul 2010 17:02:43 +1200
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
mahara (1.1.5-1ubuntu0.3) karmic-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.dpatch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.dpatch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2010-1669.dpatch: upstream patch
    - CVE-2010-1669

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.dpatch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - depend on php-htmlpurifier and stop using the bundled version
    - CVE-2010-2479
 -- Francois Marier <email address hidden>   Thu, 08 Jul 2010 15:27:38 +1200
Obsolete in jaunty-updates on 2013-02-28
Obsolete in jaunty-security on 2013-02-28
mahara (1.0.9-2ubuntu0.7) jaunty-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.dpatch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.dpatch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.dpatch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - debian/patches/CVE-2010-2479.dpatch: upstream patch
    - CVE-2010-2479
 -- Francois Marier <email address hidden>   Thu, 08 Jul 2010 14:55:29 +1200
Superseded in natty-release on 2010-10-15
Obsolete in maverick-release on 2013-03-05
mahara (1.2.5-2) unstable; urgency=low

  * Remove postgresql8.3 from recommends, add postgresql8.4
  * Add mysql-server-5.1 to recommends

Superseded in maverick-release on 2010-07-08
Obsolete in lucid-release on 2016-10-26
mahara (1.2.4-1) unstable; urgency=high

  * New upstream release
    - fix for SQL injection (CVE-2010-0400)

Superseded in lucid-release on 2010-04-12
mahara (1.2.0-2ubuntu1) lucid; urgency=low

  * debian/control: Don't recommend mysql-server-5.0.
 -- Chuck Short <email address hidden>   Wed, 07 Apr 2010 11:29:18 -0400

Superseded in karmic-updates on 2010-07-08
Superseded in karmic-security on 2010-07-08
mahara (1.1.5-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
 -- Francois Marier <email address hidden>   Tue, 06 Apr 2010 22:35:16 +1200
Superseded in jaunty-updates on 2010-07-08
Superseded in jaunty-security on 2010-07-08
mahara (1.0.9-2ubuntu0.6) jaunty-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
 -- Francois Marier <email address hidden>   Tue, 06 Apr 2010 22:58:53 +1200
Superseded in lucid-release on 2010-04-07
mahara (1.2.0-2) unstable; urgency=low

  * Fix postrm script so that Mahara can be uninstalled

Superseded in lucid-release on 2009-12-18
mahara (1.1.7-1) unstable; urgency=high

  * New upstream release
    - Privilege escalation fix (CVE-2009-3298)
    - XSS fix (CVE-2009-3299)

  * Bump Standards-Version up to 3.8.3
  * Switch packaging license to refer to GPL-3
  * debian/mahara.config: Move -e to a separate line to silence lintian

Superseded in lucid-release on 2009-11-23
mahara (1.1.5-1ubuntu1) lucid; urgency=low

  [ Francois Marier ]
  * SECURITY UPDATE: privilege escalation (LP: #463082)
    - debian/patches/CVE-2009-3298.dpatch: fix from upstream
    - CVE-2009-3298
  * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083)
    - debian/patches/CVE-2009-3299.dpatch: fix from upstream
    - CVE-2009-3299
  * Add dpatch support

 -- Jamie Strandboge <email address hidden>   Wed, 04 Nov 2009 11:29:22 -0600

Superseded in karmic-updates on 2010-04-07
Superseded in karmic-security on 2010-04-07
mahara (1.1.5-1ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: privilege escalation (LP: #463082)
    - debian/patches/CVE-2009-3298.dpatch: fix from upstream
    - CVE-2009-3298
  * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083)
    - debian/patches/CVE-2009-3299.dpatch: fix from upstream
    - CVE-2009-3299
  * Add dpatch support

 -- Francois Marier <email address hidden>   Thu, 29 Oct 2009 17:04:19 +1300
Superseded in jaunty-updates on 2010-04-07
Superseded in jaunty-security on 2010-04-07
mahara (1.0.9-2ubuntu0.5) jaunty-security; urgency=low

  * SECURITY UPDATE: privilege escalation (LP: #463082)
    - debian/patches/CVE-2009-3298.dpatch: fix from upstream
    - CVE-2009-3298
  * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083)
    - debian/patches/CVE-2009-3299.dpatch: fix from upstream
    - CVE-2009-3299

 -- Francois Marier <email address hidden>   Thu, 29 Oct 2009 16:47:11 +1300
Superseded in jaunty-updates on 2009-11-05
Superseded in jaunty-security on 2009-11-05
mahara (1.0.9-2ubuntu0.4) jaunty-security; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerabilities (LP: #390471)
    - debian/patches/XSS_escaping.dpatch: fix from upstream
    - CVE-2009-2170

 -- Francois Marier <email address hidden>   Mon, 22 Jun 2009 15:04:27 +1200
Superseded in lucid-release on 2009-11-04
Obsolete in karmic-release on 2013-03-04
mahara (1.1.5-1) unstable; urgency=high

  * New Upstream Version
    - fixes multiple XSS vulnerabilities
    - fix for an information disclosure bug
  * Bump Standards-Version to 3.8.2

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  23 Jun 2009 10:37:34 +0100

Superseded in karmic-release on 2009-06-23
mahara (1.1.3-1) unstable; urgency=high

  * New Upstream Version
    - fixes XSS issues in user profile field and text boxes in user views
      (CVE-2009-0664)
    - fixes remote code execution in the bundled copy of html2text
      (CVE-2008-5619, closes: #524778)
  * Bump Standards-Version to 3.8.1 (no changes)
  * Remove execute bit on a bunch of Javascript files (lintian warning)

Superseded in karmic-release on 2009-04-29
Obsolete in jaunty-release on 2013-02-28
mahara (1.0.9-2ubuntu0.3) jaunty; urgency=low

  * SECURITY UPDATE: cross-site scripting vulnerabilities in user profile
    field and text blocks in all views (LP: #364949)
    - debian/patches/CVE-2009-0664.dpatch: fix from upstream
    - CVE-2009-0664

 -- Francois Marier <email address hidden>   Wed, 22 Apr 2009 17:13:39 +1200
Superseded in jaunty-release on 2009-04-22
mahara (1.0.9-2ubuntu0.2) jaunty; urgency=low

  * Upload to correct pocket

Superseded in jaunty-release on 2009-03-19
mahara (1.0.9-2) unstable; urgency=low

  * debian/mahara.postrm: delete the snoopy symlink
  * debian/mahara.postinst: create a lib/smarty/libs symlink when necessary
    (for example on Ubuntu)

Superseded in jaunty-release on 2009-02-17
mahara (1.0.6-1) unstable; urgency=low

  * New upstream version

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  10 Nov 2008 11:57:53 +0000

Superseded in jaunty-release on 2008-11-10
mahara (1.0.5-2) unstable; urgency=high

  * Depend on libphp-snoopy instead of using the embedded copy shipped
    with Mahara (CVE-2008-4796, closes: #504170)
  * Backport upstream's patch (41189c30d198153dc66dc867e160dab948929458)
    to phpmailer (CVE-2007-3125, closes: #504253)
  * Add lintian overrides for the customised embedded libraries

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
mahara (1.0.4-1) unstable; urgency=low

  [ Francois Marier ]
  * Add Swedish debconf translation (closes: #487724). Thanks Martin!
  * Remove outdated NEWS file

  [ Nigel McNie ]
  * New Upstream Version

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  25 Jun 2008 17:21:33 +0100

Superseded in intrepid-release on 2008-06-25
mahara (1.0.3-1) unstable; urgency=low

  [ Nigel McNie ]
  * New Upstream Version
  * Tweak apache rules to give access to some required files (closes: #479858)

  [ Francois Marier ]
  * Bump Standards-Version up to 3.8.0
  * Bump the Postgres version number to 8.3 to match the latest version in sid

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  13 Jun 2008 10:18:16 +0100

Superseded in intrepid-release on 2008-06-13
mahara (1.0.2-1) unstable; urgency=low

  * New Upstream Version
