CVE-2009-0660 Multiple XSS vulnerabilities in Mahara 1.0.9
Bug #340863 reported by François Marier
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mahara (Ubuntu) | Fix Released | Undecided | Unassigned |
Intrepid | Invalid | Undecided | Unassigned |
Jaunty | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: mahara
The latest version of Mahara 1.0.x (1.0.10) fixes a number of XSS bugs in user profile data and blogs.
This is the official Mahara security advisory: http://
The CVE issue itself doesn't appear to be public yet, but I have attached the patch I sent over to vendor-sec.
Given that Mahara 1.0.10 doesn't bring new features, only bug fixes, I would recommend that Ubuntu simply upgrade to that version for Jaunty. Otherwise I can prepare a patched 1.0.9-1+ubuntu1 package.
CVE References
Changed in mahara:
status: Invalid → New
Thank you for using Ubuntu and taking the time to report a bug. Marking as public since upstream has a fix out. We are currently in FeatureFreeze so a patch to the existing package in Jaunty is needed.