[Mahara-core] [Bug 676336] Re: Blogs get deleted without sesskey check

Launchpad Bug Tracker Fri, 08 Apr 2011 15:12:48 -0700

This bug was fixed in the package mahara - 1.2.4-1ubuntu0.2

---------------
mahara (1.2.4-1ubuntu0.2) lucid-security; urgency=low


  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2011-0439.dpatch: upstream patch
    - CVE-2011-0439
    - LP: #676336

  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
    - debian/patches/CVE-2011-0440.dpatch: upstream patch
    - CVE-2011-0440
 -- Francois Marier <[email protected]>   Fri, 18 Mar 2011 15:51:03 +1300

-- 
You received this bug notification because you are a member of Mahara
Committers, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/676336

Title:
  Blogs get deleted without sesskey check

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.3 series:
  Fix Released
Status in “mahara” package in Ubuntu:
  Fix Released
Status in “mahara” source package in Lucid:
  Fix Released
Status in “mahara” source package in Maverick:
  Fix Released
Status in “mahara” source package in Natty:
  Fix Released

Bug description:
  Permissions are checked but the sesskey is neither passed nor checked
  e.g. artefact/blog/index.php?delete=123

_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help   : https://help.launchpad.net/ListHelp

[Mahara-core] [Bug 676336] Re: Blogs get deleted without sesskey check

Reply via email to