Ubuntu
mahara package

SQL injection in username field

Bug #556369 reported by François Marier on 2010-04-06

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	Critical	Unassigned
	mahara (Ubuntu)	Invalid	Undecided	Unassigned
	Jaunty	Fix Released	High	Unassigned
	Karmic	Fix Released	High	Unassigned
	Lucid	Invalid	Undecided	Unassigned

Bug Description

Binary package hint: mahara

There is an exploitable SQL injection in the code used to generate new usernames.

I will attach here debdiffs for both jaunty and karmic.

For lucid, I will file a separate sync request.

( Also see upstream bug report at https://bugs.launchpad.net/mahara/+bug/534172 and the upstream security advisory at http://mahara.org/interaction/forum/topic.php?id=1713 )

See original description

Related branches

lp:ubuntu/jaunty-security/mahara

lp:ubuntu/karmic-security/mahara

CVE References

2010-0400

Revision history for this message

François Marier (fmarier) wrote on 2010-04-06:

#1

Patch from upstream Edit (484 bytes, text/plain)

Changed in mahara:
status:	New → Fix Released
importance:	Undecided → Critical
description:	updated

Revision history for this message

François Marier (fmarier) wrote on 2010-04-06:

#2

Debdiff for the karmic package Edit (2.2 KiB, text/plain)

Revision history for this message

François Marier (fmarier) wrote on 2010-04-06:

#3

Debdiff for the jaunty package Edit (2.2 KiB, text/plain)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-04-06:

#4

Marking Invalid for Lucid. See bug #556407 instead (sync request).

Changed in mahara (Ubuntu Lucid):
status:	New → Invalid
visibility:	private → public

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-04-06:

#5

Subscribing ubuntu-security-sponsors per https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue.

Changed in mahara (Ubuntu Jaunty):
status:	New → Confirmed
importance:	Undecided → High
Changed in mahara (Ubuntu Karmic):
status:	New → Confirmed
importance:	Undecided → High

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2010-04-06:

#6

ACK to the jaunty and karmic debdiffs.

Updated packages will be published today.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-04-07:

#7

This bug was fixed in the package mahara - 1.1.5-1ubuntu0.2

---------------
mahara (1.1.5-1ubuntu0.2) karmic-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
-- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:35:16 +1200

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-04-07:

#8

This bug was fixed in the package mahara - 1.0.9-2ubuntu0.6

---------------
mahara (1.0.9-2ubuntu0.6) jaunty-security; urgency=low

  * SECURITY UPDATE: SQL injection (LP: #556369)
    - debian/patches/CVE-2010-0400.dpatch: fix from upstream
    - CVE-2010-0400
-- Francois Marier <email address hidden> Tue, 06 Apr 2010 22:58:53 +1200

Changed in mahara (Ubuntu Jaunty):
status:	Confirmed → Fix Released
Changed in mahara (Ubuntu Karmic):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.