mahara 1.5.1-3 source package in Ubuntu

Changelog

mahara (1.5.1-3) unstable; urgency=high


  * SECURITY UPDATE: Disable XML entity parsing to prevent XEE
    - debian/patches/CVE-2012-2239.patch: upstream patch

  * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
    - Content passed to the error message was not escaped
    - Escape pieform errors displayed to users
    - debian/patches/CVE-2012-2243-0001.patch: upstream patch
    - XHTML files prone to embedded javascript
    - Prevent uploaded xhtml files from displaying verbatim
    - debian/patches/CVE-2012-2243-0002.patch: upstream patch

  * SECURITY UPDATE: Arbitrary file execution via clam path
    - Remove executable bit from existing uploaded files
    - debian/patches/CVE-2012-2244-0001.patch: upstream patch
    - Ensure future files will not be executable
    - debian/patches/CVE-2012-2244-0002.patch: upstream patch
    - Remove direct path option from web configuration
    - debian/patches/CVE-2012-2244-0003.patch: upstream patch

  * SECURITY UPDATE: Prevent click-jacking attacks
    - Add a HTTP header of X-Frame-Options to every page
    - debian/patches/CVE-2012-2246.patch: upstream patch

  * SECURITY UPDATE: Prevent SVG images being displayed
    - SVG images displayed inline
    - Adds SVG files to the list of files to not display by default
    - debian/patches/CVE-2012-2247.patch: upstream patch

 -- Melissa Draper <email address hidden>  Tue, 12 Nov 2012 04:08:09 +0000

Upload details

Uploaded by: Mahara Packaging
Uploaded to: Sid
Original maintainer: Mahara Packaging
Architectures: all
Section: web
Urgency: Very Urgent


Builds

Raring: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
mahara_1.5.1-3.dsc 2.0 KiB 0f8b597f517d29e1a18d21379c5570b1d4a789138e73c66c08ab2cce8ff9a14a
mahara_1.5.1.orig.tar.gz 5.5 MiB 6ff9919185b67352fbde8cecbb46b37c4295f712b7e853f3220751d7d130348f
mahara_1.5.1-3.debian.tar.gz 33.0 KiB 754bb8467589c810f8656cb5a565c5173dcf35da4db8ef8a529bbd9d2f9b6864


Binary packages built by this source

mahara: No summary available for mahara in ubuntu raring.

mahara-apache2: No summary available for mahara-apache2 in ubuntu raring.

mahara-mediaplayer: No summary available for mahara-mediaplayer in ubuntu raring.