Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: mahara (Ubuntu Intrepid)
Status: Confirmed = Invalid
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
You
Re-linked CVE links that were removed. Please double check them.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2170
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2171
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2170
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-2171
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
You received this bug notification because you are a member of
** Branch linked: lp:~ubuntu-branches/ubuntu/jaunty/mahara/jaunty-
security
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
This bug was fixed in the package mahara - 1.0.9-2ubuntu0.4
---
mahara (1.0.9-2ubuntu0.4) jaunty-security; urgency=low
* SECURITY UPDATE: cross-site scripting vulnerabilities (LP: #390471)
- debian/patches/XSS_escaping.dpatch: fix from upstream
- CVE-2009-2170
-- Francois
Marking Intrepid back to Confirmed, since there is no debdiff.
François, thanks for your response and debdiff. Regarding Intrepid's
usability, if you are up to it, feel free to fix it following
https://wiki.ubuntu.com/StableReleaseUpdates with any security patches
added in.
** Changed in: mahara
François, I reviewed the debdiff and it didn't quite follow
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Most
notably there was no CVE reference and the distribution name was simply
'jaunty' (it should have been 'jaunty-security'. We also encourage using
** Changed in: mahara (Ubuntu Jaunty)
Status: In Progress = Fix Committed
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Karmic now has 1.1.5-1 and is not affected.
** Also affects: mahara (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Also affects: mahara (Ubuntu Jaunty)
Importance: Undecided
Status: New
** Also affects: mahara (Ubuntu Karmic)
Importance: Undecided
Status:
Marking 'In Progress' as per
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.
François, would it be possible to update the debdiff to include
http://mahara.org/interaction/forum/topic.php?id=753 (CVE-2009-2171)?
Are you planning on supplying a debdiff for Intrepid?
** CVE added:
Hi Jamie,
The version in jaunty/intrepid is not affected by CVE-2009-2171 since
that problems was introduced in the 1.1 series of Mahara.
In terms of the intrepid package, I believe that, like with previous
security fixes, we can ignore it because it has never worked at all
(e.g. can't login).
** Visibility changed to: Public
--
Cross-site scripting vulnerabilities
https://bugs.launchpad.net/bugs/390471
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
12 matches
Mail list logo
