François, if you could in the future include URLs to the patches, it would be much easier to reconcile them:
+Origin: upstream, commit:3b1dc78070988b68fa7a8495c19957d83c204d95 maps to: http://gitorious.org/mahara/mahara/commit/3b1dc78070988b68fa7a8495c19957d83c204d95 +Origin: upstream, commit:fcee1996e56588f2f0f54f627d3b75e695b03e1b maps to: http://gitorious.org/mahara/mahara/commit/fcee1996e56588f2f0f54f627d3b75e695b03e1b Which took a fair bit of investigation to figure out. However, these look exactly clean, and the patches fix a security vulnerability, so I see no reason to delay uploading them. As Artur said, the url would be much more useful than just the commit ID. I've built with the debdiffs for lucid and maverick, and installed them. I was able to perform the mahara install and browse the site. I didn't try to reproduce the security vulnerabilities, as creating users and sending emails from inside a chroot can be difficult, but the code fixes are extremely straightforward and identical to the patches applied upstream, so I'm confident the issue is resolved. As such I've marked the Lucid and Maverick tasks as confirmed. -- You received this bug notification because you are a member of Mahara Committers, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/676336 Title: Blogs get deleted without sesskey check Status in Mahara ePortfolio: Fix Released Status in Mahara 1.3 series: Fix Released Status in “mahara” package in Ubuntu: Fix Released Status in “mahara” source package in Lucid: Confirmed Status in “mahara” source package in Maverick: Confirmed Status in “mahara” source package in Natty: Fix Released Bug description: Permissions are checked but the sesskey is neither passed nor checked e.g. artefact/blog/index.php?delete=123 _______________________________________________ Mailing list: https://launchpad.net/~mahara-core Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-core More help : https://help.launchpad.net/ListHelp
