This bug was fixed in the package mahara - 1.1.5-1ubuntu0.2
---------------
mahara (1.1.5-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400

 -- Francois Marier <[email protected]>  Tue, 06 Apr 2010 22:35:16 +1200

** Changed in: mahara (Ubuntu Karmic)
Status: Confirmed => Fix Released
** Changed in: mahara (Ubuntu Jaunty)
Status: Confirmed => Fix Released
--
SQL injection in username field
https://bugs.launchpad.net/bugs/556369
Status in Mahara ePortfolio: Fix Released
Status in “mahara” package in Ubuntu: Invalid
Status in “mahara” source package in Lucid: Invalid
Status in “mahara” source package in Jaunty: Fix Released
Status in “mahara” source package in Karmic: Fix Released
Bug description:
Binary package hint: mahara
There is an exploitable SQL injection in the code used to generate new
usernames.
I will attach here debdiffs for both jaunty and karmic.
For lucid, I will file a separate sync request.
( Also see upstream bug report at https://bugs.launchpad.net/mahara/+bug/534172
and the upstream security advisory at
http://mahara.org/interaction/forum/topic.php?id=1713 )