This bug was fixed in the package mahara - 1.2.7-1ubuntu0.2
---------------
mahara (1.2.7-1ubuntu0.2) natty-security; urgency=low
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing
(LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
them to an institution
- Session check added (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
-- Melissa Draper <[email protected]> Wed, 02 Nov 2011 21:50:04 +0000
** Changed in: mahara (Ubuntu Maverick)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/888358
Title:
Several security updates for Mahara
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
