Change log for mahara package in Ubuntu
| 1 → 49 of 49 results | First • Previous • Next • Last |
| Deleted in trusty-release (Reason: (From Debian) RoQA; unmaintained, not in stable, RC buggy...) |
| Obsolete in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
mahara (1.5.1-3.1) unstable; urgency=high
* Non-maintainer upload.
* SECURITY UPDATE: Fix a cross-site scripting (XSS) vulnerability
which allowed remote attackers to inject arbitrary web script or
HTML via the query parameter.
- debian/patches/CVE-2012-2253.patch
- Closes: #695789
-- Luca Falavigna <email address hidden> Sun, 23 Dec 2012 14:53:41 +0100
Available diffs
- diff from 1.5.1-3 to 1.5.1-3.1 (870 bytes)
mahara (1.5.1-3) unstable; urgency=high
* SECURITY UPDATE: Disable XML entity parsing to prevent XEE
- debian/patches/CVE-2012-2239.patch: upstream patch
* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
- Content passed to the error message was not escaped
- Escape pieform errors displayed to users
- debian/patches/CVE-2012-2243-0001.patch: upstream patch
- XHTML files prone to embedded javascript
- Prevent uploaded xhtml files from displaying verbatim
- debian/patches/CVE-2012-2243-0002.patch: upstream patch
* SECURITY UPDATE: Arbitrary file execution via clam path
- Remove executable bit from existing uploaded files
- debian/patches/CVE-2012-2244-0001.patch: upstream patch
- Ensure future files will not be executable
- debian/patches/CVE-2012-2244-0002.patch: upstream patch
- Remove direct path option from web configuration
- debian/patches/CVE-2012-2244-0003.patch: upstream patch
* SECURITY UPDATE: Prevent click-jacking attacks
- Add a HTTP header of X-Frame-Options to every page
- debian/patches/CVE-2012-2246.patch: upstream patch
* SECURITY UPDATE: Prevent SVG images being displayed
- SVG images displayed inline
- Adds SVG files to the list of files to not display by default
- debian/patches/CVE-2012-2247.patch: upstream patch
-- Melissa Draper <email address hidden> Tue, 12 Nov 2012 04:08:09 +0000
Available diffs
- diff from 1.5.1-2.1 to 1.5.1-3 (5.8 KiB)
mahara (1.5.1-2.1) unstable; urgency=low
* Non-maintainer upload
* debian/mahara.preinst: Remove previous symlink that is replaced by a
directory (closes: #690124)
-- David Prévot <email address hidden> Sat, 27 Oct 2012 22:10:31 -0400
Available diffs
- diff from 1.5.1-2 to 1.5.1-2.1 (607 bytes)
mahara (1.5.1-2) unstable; urgency=high
* SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities
- Sanitize json-encode login form when injected by js
- Sanitize links in links and resources menu
- Sanitize file description for blog image editor
- Add escaping to user_display_name by adding to dwoo template
- debian/patches/CVE-2012-2237-0001.patch: upstream patch
- debian/patches/CVE-2012-2237-0002.patch: upstream patch
- debian/patches/CVE-2012-2237-0003.patch: upstream patch
- debian/patches/CVE-2012-2237-0004.patch: upstream patch
-- Melissa Draper <email address hidden> Mon, 16 Jul 2012 09:37:07 +0000
Available diffs
- diff from 1.5.1-1 to 1.5.1-2 (3.9 KiB)
mahara (1.5.1-1) unstable; urgency=low
[ Melissa Draper ]
* New major upstream release
- Improved password storage
- Database triggers
- php minimum version now 5.3
* Drop dependency on Dwoo and use bundled version instead
* Update versioned dependencies on Postgres and MySQL
* Add libjs-jquery dependency
* Bump Standards-Version up to 3.9.3
* Bump debhelper compatibility to 9
[ Francois Marier ]
* Fix watch file
* Update homepage URL in debian/control
* Update Alioth URLs
-- Melissa Draper <email address hidden> Thu, 31 May 2012 12:03:15 +1200
Available diffs
- diff from 1.4.2-1 to 1.5.1-1 (2.1 MiB)
mahara (1.4.2-1) unstable; urgency=high
* New upstream release
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation
-- Melissa Draper <email address hidden> Wed, 14 Mar 2012 01:53:32 +0000
Available diffs
- diff from 1.4.1-1 (in Ubuntu) to 1.4.2-1 (3.2 KiB)
mahara (1.4.0-1ubuntu0.2) oneiric-security; urgency=low
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation (LP: #958841)
- debian/patches/saml_multi_default_config.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 21 Mar 2012 14:43:12 +1300
Available diffs
mahara (1.2.7-1ubuntu0.3) natty-security; urgency=low
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation (LP: #958841)
- debian/patches/saml_multi_default_config.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 21 Mar 2012 01:38:40 +0000
Available diffs
mahara (1.2.5-2ubuntu0.4) maverick-security; urgency=low
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation (LP: #958841)
- debian/patches/saml_multi_default_config.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 21 Mar 2012 00:23:05 +0000
Available diffs
mahara (1.2.4-1ubuntu0.5) lucid-security; urgency=low
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation (LP: #958841)
- debian/patches/saml_multi_default_config.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 21 Mar 2012 00:11:15 +0000
Available diffs
mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 02 Nov 2011 21:26:46 +0000
Available diffs
mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
-- Melissa Draper <email address hidden> Tue, 08 Nov 2011 18:59:14 +1300
Available diffs
mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
-- Melissa Draper <email address hidden> Wed, 02 Nov 2011 21:50:04 +0000
Available diffs
mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Information disclosure exposing private messages
- User check to ensure they are conversation participant (LP: #888358)
- debian/patches/CVE-2011-2774.patch: upstream patch
- CVE-2011-2774
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
-- Melissa Draper <email address hidden> Thu, 03 Nov 2011 22:32:45 +0000
Available diffs
mahara (1.4.1-1) unstable; urgency=low
* New upstream release
- CVE-2011-2771
- CVE-2011-2772
- CVE-2011-2773
- CVE-2011-2774
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 14 Nov 2011 10:36:24 +0000
Available diffs
- diff from 1.4.0-1 to 1.4.1-1 (68.0 KiB)
mahara (1.4.0-1) unstable; urgency=low
* New major upstream release
- upstream .htaccess file has been removed
* Add missing (empty) build targets in debian/rules (lintian warning)
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 22 Jun 2011 09:36:11 +0000
Available diffs
- diff from 1.3.6-1 to 1.4.0-1 (1.0 MiB)
mahara (1.2.5-2ubuntu0.2) maverick-security; urgency=low
* SECURITY UPDATE: fixes to session key validation (CSRF)
- debian/patches/CVE-2011-1403.patch: upstream patch
* SECURITY UPDATE: privilege escalations
- debian/patches/CVE-2011-1402.patch: upstream patch
* SECURITY UPDATE: information disclosure in AJAX calls
- debian/patches/CVE-2011-1404.patch: upstream patch
* SECURITY UPDATE: https to http downgrade
- debian/patches/CVE-2011-1406.patch: upstream patch
* SECURITY UPDATE: sanitisation of HTML emails
- debian/patches/CVE-2011-1405.patch: upstream patch
-- Francois Marier <email address hidden> Tue, 10 May 2011 16:34:51 +1200
Available diffs
mahara (1.2.7-1ubuntu0.1) natty-security; urgency=low
* SECURITY UPDATE: fixes to session key validation (CSRF)
- debian/patches/CVE-2011-1403.patch: upstream patch
* SECURITY UPDATE: privilege escalations
- debian/patches/CVE-2011-1402.patch: upstream patch
* SECURITY UPDATE: information disclosure in AJAX calls
- debian/patches/CVE-2011-1404.patch: upstream patch
* SECURITY UPDATE: https to http downgrade
- debian/patches/CVE-2011-1406.patch: upstream patch
* SECURITY UPDATE: sanitisation of HTML emails
- debian/patches/CVE-2011-1405.patch: upstream patch
-- Francois Marier <email address hidden> Tue, 10 May 2011 16:36:06 +1200
Available diffs
mahara (1.2.4-1ubuntu0.3) lucid-security; urgency=low
* SECURITY UPDATE: fixes to session key validation (CSRF)
- debian/patches/CVE-2011-1403.patch: upstream patch
* SECURITY UPDATE: privilege escalations
- debian/patches/CVE-2011-1402.patch: upstream patch
* SECURITY UPDATE: information disclosure in AJAX calls
- debian/patches/CVE-2011-1404.patch: upstream patch
* SECURITY UPDATE: https to http downgrade
- debian/patches/CVE-2011-1406.patch: upstream patch
* SECURITY UPDATE: sanitisation of HTML emails
- debian/patches/CVE-2011-1405.patch: upstream patch
-- Francois Marier <email address hidden> Tue, 10 May 2011 16:33:40 +1200
Available diffs
mahara (1.3.6-1) unstable; urgency=high
* New upstream release (major security fixes):
- CVE-2011-1402
- CVE-2011-1403
- CVE-2011-1404
- CVE-2011-1405
- CVE-2011-1406
* Fix versioned dependency of mahara-apache2
* Drop mysql-server-5.0 recommendation
* Bump Standards-Version up to 3.9.2
-- Ubuntu Archive Auto-Sync <email address hidden> Wed, 11 May 2011 07:13:52 +0000
Available diffs
- diff from 1.3.5-1 to 1.3.6-1 (4.2 KiB)
mahara (1.3.5-1) unstable; urgency=low
* Major new upstream release
- compatibility with HTML Purifier 4.3.0
* Remove unused Mochikit lintian override
* Update path of flowplayer in debian/rules
* Fix more broken permissions in debian/rules
* Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
* Sync Uploaders field with Launchpad Team
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:16:11 +0000
Available diffs
- diff from 1.2.7-1 to 1.3.5-1 (2.6 MiB)
mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2011-0439.dpatch: upstream patch
- CVE-2011-0439
- LP: #676336
* SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
- debian/patches/CVE-2011-0440.dpatch: upstream patch
- CVE-2011-0440
-- Francois Marier <email address hidden> Fri, 18 Mar 2011 15:51:03 +1300
Available diffs
mahara (1.2.5-2ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerability
- debian/patches/CVE-2011-0439.dpatch: upstream patch
- CVE-2011-0439
- LP: #676336
* SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
- debian/patches/CVE-2011-0440.dpatch: upstream patch
- CVE-2011-0440
-- Francois Marier <email address hidden> Fri, 25 Mar 2011 16:38:51 +1300
Available diffs
mahara (1.2.7-1) unstable; urgency=high
* New upstream security release:
- CVE-2011-0439 (XSS in select boxes)
- CVE-2011-0440 (CSRF when deleting blogs)
* Add Italian debconf translation (closes: #606378)
* Add Danish debconf translation (closes: #597766)
* Bump debhelper compatibility to 8
-- Artur Rona <email address hidden> Mon, 28 Mar 2011 22:07:25 +0000
Available diffs
- diff from 1.2.6-2 to 1.2.7-1 (18.7 KiB)
mahara (1.2.6-2) unstable; urgency=medium * Move flowplayer.audio to the contrib package as well * Add an allow rule in apache.conf for flowplayer.audio
Available diffs
- diff from 1.2.5-2 to 1.2.6-2 (288.6 KiB)
mahara (1.2.4-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities
- debian/patches/CVE-2010-1667.patch: upstream patch
- CVE-2010-1667
* SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
- debian/patches/CVE-2010-1668.patch: upstream patch
- CVE-2010-1668
* SECURITY UPDATE: SQL injection
- debian/patches/CVE-2010-1669.patch: upstream patch
- CVE-2010-1669
* SECURITY UPDATE: unsafe auth plugins configuration options
- debian/patches/CVE-2010-1670.patch: upstream patch
- CVE-2010-1670
* SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
- depend on php-htmlpurifier and stop using the bundled version
- CVE-2010-2479
-- Francois Marier <email address hidden> Thu, 08 Jul 2010 17:02:43 +1200
Available diffs
mahara (1.1.5-1ubuntu0.3) karmic-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities
- debian/patches/CVE-2010-1667.dpatch: upstream patch
- CVE-2010-1667
* SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
- debian/patches/CVE-2010-1668.dpatch: upstream patch
- CVE-2010-1668
* SECURITY UPDATE: SQL injection
- debian/patches/CVE-2010-1669.dpatch: upstream patch
- CVE-2010-1669
* SECURITY UPDATE: unsafe auth plugins configuration options
- debian/patches/CVE-2010-1670.dpatch: upstream patch
- CVE-2010-1670
* SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
- depend on php-htmlpurifier and stop using the bundled version
- CVE-2010-2479
-- Francois Marier <email address hidden> Thu, 08 Jul 2010 15:27:38 +1200
Available diffs
mahara (1.0.9-2ubuntu0.7) jaunty-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities
- debian/patches/CVE-2010-1667.dpatch: upstream patch
- CVE-2010-1667
* SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
- debian/patches/CVE-2010-1668.dpatch: upstream patch
- CVE-2010-1668
* SECURITY UPDATE: unsafe auth plugins configuration options
- debian/patches/CVE-2010-1670.dpatch: upstream patch
- CVE-2010-1670
* SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
- debian/patches/CVE-2010-2479.dpatch: upstream patch
- CVE-2010-2479
-- Francois Marier <email address hidden> Thu, 08 Jul 2010 14:55:29 +1200
Available diffs
mahara (1.2.5-2) unstable; urgency=low * Remove postgresql8.3 from recommends, add postgresql8.4 * Add mysql-server-5.1 to recommends
Available diffs
- diff from 1.2.4-1 to 1.2.5-2 (39.1 KiB)
mahara (1.2.4-1) unstable; urgency=high
* New upstream release
- fix for SQL injection (CVE-2010-0400)
Available diffs
- diff from 1.2.0-2ubuntu1 to 1.2.4-1 (56.1 KiB)
| Superseded in lucid-release |
mahara (1.2.0-2ubuntu1) lucid; urgency=low * debian/control: Dont recommend mysql-server-5.0. -- Chuck Short <email address hidden> Wed, 07 Apr 2010 11:29:18 -0400
Available diffs
- diff from 1.2.0-2 to 1.2.0-2ubuntu1 (895 bytes)
mahara (1.1.5-1ubuntu0.2) karmic-security; urgency=low * SECURITY UPDATE: SQL injection (LP: #556369) - debian/patches/CVE-2010-0400.dpatch: fix from upstream - CVE-2010-0400 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:35:16 +1200
Available diffs
- diff from 1.1.5-1ubuntu0.1 to 1.1.5-1ubuntu0.2 (765 bytes)
mahara (1.0.9-2ubuntu0.6) jaunty-security; urgency=low * SECURITY UPDATE: SQL injection (LP: #556369) - debian/patches/CVE-2010-0400.dpatch: fix from upstream - CVE-2010-0400 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:58:53 +1200
Available diffs
- diff from 1.0.9-2ubuntu0.5 to 1.0.9-2ubuntu0.6 (765 bytes)
mahara (1.2.0-2) unstable; urgency=low * Fix postrm script so that Mahara can be uninstalled
Available diffs
- diff from 1.1.7-1 to 1.2.0-2 (1.8 MiB)
mahara (1.1.7-1) unstable; urgency=high
* New upstream release
- Privilege escalation fix (CVE-2009-3298)
- XSS fix (CVE-2009-3299)
* Bump Standards-Version up to 3.8.3
* Switch packaging license to refer to GPL-3
* debian/mahara.config: Move -e to a separate line to silence lintian
Available diffs
- diff from 1.1.5-1ubuntu1 to 1.1.7-1 (178.5 KiB)
| Superseded in lucid-release |
mahara (1.1.5-1ubuntu1) lucid; urgency=low [ Francois Marier ] * SECURITY UPDATE: privilege escalation (LP: #463082) - debian/patches/CVE-2009-3298.dpatch: fix from upstream - CVE-2009-3298 * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083) - debian/patches/CVE-2009-3299.dpatch: fix from upstream - CVE-2009-3299 * Add dpatch support -- Jamie Strandboge <email address hidden> Wed, 04 Nov 2009 11:29:22 -0600
Available diffs
- diff from 1.1.5-1 to 1.1.5-1ubuntu1 (2.0 KiB)
mahara (1.1.5-1ubuntu0.1) karmic-security; urgency=low * SECURITY UPDATE: privilege escalation (LP: #463082) - debian/patches/CVE-2009-3298.dpatch: fix from upstream - CVE-2009-3298 * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083) - debian/patches/CVE-2009-3299.dpatch: fix from upstream - CVE-2009-3299 * Add dpatch support -- Francois Marier <email address hidden> Thu, 29 Oct 2009 17:04:19 +1300
Available diffs
mahara (1.0.9-2ubuntu0.5) jaunty-security; urgency=low * SECURITY UPDATE: privilege escalation (LP: #463082) - debian/patches/CVE-2009-3298.dpatch: fix from upstream - CVE-2009-3298 * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083) - debian/patches/CVE-2009-3299.dpatch: fix from upstream - CVE-2009-3299 -- Francois Marier <email address hidden> Thu, 29 Oct 2009 16:47:11 +1300
Available diffs
mahara (1.0.9-2ubuntu0.4) jaunty-security; urgency=low * SECURITY UPDATE: cross-site scripting vulnerabilities (LP: #390471) - debian/patches/XSS_escaping.dpatch: fix from upstream - CVE-2009-2170 -- Francois Marier <email address hidden> Mon, 22 Jun 2009 15:04:27 +1200
Available diffs
mahara (1.1.5-1) unstable; urgency=high
* New Upstream Version
- fixes multiple xSS vulnerabilities
- fix for an information disclosure bug
* Bump Standards-Version to 3.8.2
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Jun 2009 10:37:34 +0100
Available diffs
- diff from 1.1.3-1 to 1.1.5-1 (40.1 KiB)
mahara (1.1.3-1) unstable; urgency=high
* New Upstream Version
- fixes XSS issues in user profile field and text boxes in user views
(CVE-2009-0664)
- fixes remote code execution in the bundled copy of html2text
(CVE-2008-5619, closes: #524778)
* Bump Standards-Version to 3.8.1 (no changes)
* Remove execute bit on a bunch of Javascript files (lintian warning)
Available diffs
- diff from 1.0.9-2ubuntu0.3 to 1.1.3-1 (633.1 KiB)
mahara (1.0.9-2ubuntu0.3) jaunty; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerabilities in user profile
field and text blocks in all views (LP: #364949)
- debian/patches/CVE-2009-0664.dpatch: fix from upstream
- CVE-2009-0664
-- Francois Marier <email address hidden> Wed, 22 Apr 2009 17:13:39 +1200
Available diffs
| Superseded in jaunty-release |
mahara (1.0.9-2ubuntu0.2) jaunty; urgency=low * Upload to correct pocket
Available diffs
- diff from 1.0.9-2 to 1.0.9-2ubuntu0.2 (4.7 KiB)
mahara (1.0.9-2) unstable; urgency=low
* debian/mahara.postrm: delete the snoopy symlink
* debian/mahara.postinst: create a lib/smarty/libs symlink when necessary
(for example on Ubuntu)
Available diffs
- diff from 1.0.6-1 to 1.0.9-2 (12.0 KiB)
mahara (1.0.6-1) unstable; urgency=low * New upstream version -- Ubuntu Archive Auto-Sync <email address hidden> Mon, 10 Nov 2008 11:57:53 +0000
Available diffs
- diff from 1.0.5-2 to 1.0.6-1 (20.6 KiB)
mahara (1.0.5-2) unstable; urgency=high
* Depend on libphp-snoopy instead of using the embedded copy shipped
with Mahara (CVE-2008-4796, closes: #504170)
* Backport upstream's patch (41189c30d198153dc66dc867e160dab948929458)
to phpmailer (CVE-2007-3125, closes: #504253)
* Add lintian overrides for the customised embedded libraries
Available diffs
- diff from 1.0.4-1 to 1.0.5-2 (36.2 KiB)
mahara (1.0.4-1) unstable; urgency=low [ Francois Marier ] * Add Swedish debconf translation (closes: #487724). Thanks Martin! * Remove outdated NEWS file [ Nigel McNie ] * New Upstream Version -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 25 Jun 2008 17:21:33 +0100
Available diffs
- diff from 1.0.3-1 to 1.0.4-1 (6.0 KiB)
mahara (1.0.3-1) unstable; urgency=low [ Nigel McNie ] * New Upstream Version * Tweak apache rules to give access to some required files (closes: #479858) [ Francois Marier ] * Bump Standards-Version up to 3.8.0 * Bump the Postgres version number to 8.3 to match the latest version in sid -- Ubuntu Archive Auto-Sync <email address hidden> Fri, 13 Jun 2008 10:18:16 +0100
Available diffs
- diff from 1.0.2-1 to 1.0.3-1 (13.2 KiB)
mahara (1.0.2-1) unstable; urgency=low * New Upstream Version
| 1 → 49 of 49 results | First • Previous • Next • Last |
