ACK to the jaunty and karmic debdiffs. Updated packages will be published today.
-- SQL injection in username field https://bugs.launchpad.net/bugs/556369 You received this bug notification because you are a member of Mahara Core, which is the registrant for Mahara. Status in Mahara ePortfolio: Fix Released Status in “mahara” package in Ubuntu: Invalid Status in “mahara” source package in Lucid: Invalid Status in “mahara” source package in Jaunty: Confirmed Status in “mahara” source package in Karmic: Confirmed Bug description: Binary package hint: mahara There is an exploitable SQL injection in the code used to generate new usernames. I will attach here debdiffs for both jaunty and karmic. For lucid, I will file a separate sync request. ( Also see upstream bug report at https://bugs.launchpad.net/mahara/+bug/534172 and the upstream security advisory at http://mahara.org/interaction/forum/topic.php?id=1713 ) _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
