the masquerading issue is CVE-2011-4118, adding.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4118
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/888358
Title:
Several secur
This bug was fixed in the package mahara - 1.2.4-1ubuntu0.4
---
mahara (1.2.4-1ubuntu0.4) lucid-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstrea
This bug was fixed in the package mahara - 1.2.5-2ubuntu0.3
---
mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upst
This bug was fixed in the package mahara - 1.2.7-1ubuntu0.2
---
mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstrea
This bug was fixed in the package mahara - 1.4.0-1ubuntu0.1
---
mahara (1.4.0-1ubuntu0.1) oneiric-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstr
Precise has synced with Sid so it's all good now.
Steve: you're right, that's intended. In 1.4, due to a bug, that script
was unreachable from the UI so it can easily be removed.
** Changed in: mahara (Ubuntu Precise)
Status: Confirmed => Fix Released
Hi Melissa,
In the oneiric debdiff, the patch for CVE-2011-2773 is significantly
different from the one for prior versions (it removes
addtoinstitution.php outright where the others add the session check).
Based on perusing bug 800032, I'm assuming this is intended and will
adjust the changelog to
I've uploaded new patches with the requested alterations to
debian/control and debian/changelog.
Did francois' comment above regarding Debian maintenance contain
sufficient information regarding your query about the DEP-5 headers?
Is there anything else specific we need to do to get this reviewed
** Patch added: "New patch for oneiric"
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+attachment/2597128/+files/oneiric.diff
** Patch added: "New patch for natty"
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+attachment/2597119/+files/natty.diff
** Patch added: "New patch for maverick"
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+attachment/2597114/+files/maverick.diff
** Patch added: "New patch for lucid"
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+attachment/2597113/+files/lucid.diff
All of these patches come from the upstream developers (who are also the
Debian maintainers for the mahara package).
The 1.2 patches were made custom for Debian, the 1.4 ones were included
as part of the 1.4.1 release.
** Also affects: mahara (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: mahara (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: mahara (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: mahara (Ubuntu Oneiric)
Thanks for reporting this bug and attaching a series of debdiffs. As
these are security uploads, they need to be sponsored by the security
team.
The patches look great. Whilst reviewing, I did notice a couple of trivial
things:
- debian/control: The Maintainer field update wouldn't normally be
** Patch added: "debdiff for oneiric"
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+attachment/2591388/+files/oneiric.diff
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2771
** CVE added: http://www.cve.mitre.org/cgi-
b