SQL injection in username field

Bug #556369 reported by François Marier
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Critical
Unassigned
mahara (Ubuntu)
Invalid
Undecided
Unassigned
Jaunty
Fix Released
High
Unassigned
Karmic
Fix Released
High
Unassigned
Lucid
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: mahara

There is an exploitable SQL injection in the code used to generate new usernames.

I will attach here debdiffs for both jaunty and karmic.

For lucid, I will file a separate sync request.

( Also see upstream bug report at https://bugs.launchpad.net/mahara/+bug/534172 and the upstream security advisory at http://mahara.org/interaction/forum/topic.php?id=1713 )

Revision history for this message
François Marier (fmarier) wrote :
Changed in mahara:
status: New → Fix Released
importance: Undecided → Critical
description: updated
Revision history for this message
François Marier (fmarier) wrote :
Revision history for this message
François Marier (fmarier) wrote :
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking Invalid for Lucid. See bug #556407 instead (sync request).

Changed in mahara (Ubuntu Lucid):
status: New → Invalid
visibility: private → public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Subscribing ubuntu-security-sponsors per https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue.

Changed in mahara (Ubuntu Jaunty):
status: New → Confirmed
importance: Undecided → High
Changed in mahara (Ubuntu Karmic):
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

ACK to the jaunty and karmic debdiffs.

Updated packages will be published today.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mahara - 1.1.5-1ubuntu0.2

---------------
mahara (1.1.5-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:35:16 +1200

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mahara - 1.0.9-2ubuntu0.6

---------------
mahara (1.0.9-2ubuntu0.6) jaunty-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:58:53 +1200

Changed in mahara (Ubuntu Jaunty):
status: Confirmed → Fix Released
Changed in mahara (Ubuntu Karmic):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers