mahara 1.2.4-1ubuntu0.4 source package in Ubuntu


mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
 -- Melissa Draper <email address hidden>   Wed, 02 Nov 2011 21:26:46 +0000

Upload details

Uploaded by:
Melissa Draper on 2011-11-15
Sponsored by:
Steve Beattie
Uploaded to:
Original maintainer:
Ubuntu Developers
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


Lucid: [FULLYBUILT] i386


File Size SHA-256 Checksum
mahara_1.2.4.orig.tar.gz 8.8 MiB 3ec80659ecb49812b45f521f8e9f25ec1211dd7942444a10a626521a10861424
mahara_1.2.4-1ubuntu0.4.debian.tar.gz 32.9 KiB 8bff4be087a60805f6dec46ebd9fc146dc724890736cb1a7a37b2662d4eebe87
mahara_1.2.4-1ubuntu0.4.dsc 2.0 KiB b93634a0036cad625d7149b870a7f1616211091684bb7abced68610b435bc43e

View changes file

Binary packages built by this source

mahara: No summary available for mahara in ubuntu lucid.

No description available for mahara in ubuntu lucid.

mahara-apache2: No summary available for mahara-apache2 in ubuntu lucid.

No description available for mahara-apache2 in ubuntu lucid.