Francois Marier wrote: > (Please CC me on your replies, thanks!) > > Hello, > > The version of mahara that's in lenny (1.0.4-3) has an XSS vulnerability as > reported in the release notes: > > http://mahara.org/interaction/forum/topic.php?id=198 > > (no Debian bug or CVE number for it at the moment) > > There is a new upstream release (1.0.9) containing these fixes in > sid. However, given that it contains other non-security changes, I have also > prepared a patched 1.0.4 version for lenny. > > I have attached the very small debdiff between -3 and -4 to this email. > > Please let me know whether I should upload 1.0.4-4 to > testing-proposed-updates or whether you prefer to unblock the package that's > in sid.
Please upload to testing-proposed-updates. Cheers Luk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
