** Description changed:

+ [Problem]
+ Minor security issue in past versions of Mahara.
+ 
  [Impact]
- <fill me in with explanation of severity and frequency of bug on users and 
justification for backporting the fix to the stable release>
+ Security issue.  Could allow for impersonation.
  
  [Development Fix]
- <fill me in with an explanation of how the bug has been addressed in the 
development branch, including the relevant version numbers of packages modified 
in order to implement the fix. >
+ Fixed upstream in the 1.4.1 release which was brought into Debian Nov 4, 2011 
as version 1.4.1-1 (which fixes CVE-2011-2771, CVE-2011-2772, CVE-2011-2773, 
CVE-2011-2774).  This version was sync'd into Ubuntu precise.
+ 
  
  [Stable Fix]
- <fill me in by pointing out a minimal patch applicable to the stable version 
of the package.>
+ lucid, maverick, and natty carry 1.2.x which is affected by this issue.  
oneiric carries 1.4.0 and is also affected.  Debdiff patches to fix all four 
versions are attached in comments 7,8,9,10 respectively.
  
  [Text Case]
  <fill me in with detailed *instructions* on how to reproduce the bug.  This 
will be used by people later on to verify the updated package fixes the 
problem.>
  1.
  2.
  3.
- Broken Behavior: 
- Fixed Behavior: 
+ Broken Behavior:
+ Fixed Behavior:
  
  [Regression Potential]
- <fill me in with a discussion of likelihood and potential severity of 
regressions and how users could get inadvertently affected. 
+ <fill me in with a discussion of likelihood and potential severity of 
regressions and how users could get inadvertently affected.
  
  [Original Report]
  Here are patches to fix a minor security issue in lucid, maverick, natty and 
oneiric versions of Mahara
  
  The issue affects both 1.2.x and 1.4.x
  
   * Fix default config for sites with multiple SAML instances
     - Default configuration changed to prevent impersonation
     - https://mahara.org/interaction/forum/topic.php?id=4367
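
Review bot: the [Text Case] section is still the unfilled template after this change. Steps 1. to 3. are empty, "Broken Behavior:" and "Fixed Behavior:" carry no text (the only change on those lines is the removed trailing whitespace), and [Regression Potential] keeps its "<fill me in ...>" placeholder. The template itself says these instructions are what people will later use to verify that the updated package fixes the problem, so reproduction steps for the multiple-SAML-instance default configuration and a short regression assessment should be added. The heading also looks like a typo for "[Test Case]". The new [Impact] line would be more useful if it named the affected setup, as the original report does ("sites with multiple SAML instances").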

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/958841

Title:
  Minor security update for Mahara
