Sync mahara 1.2.4-1 (universe) from Debian sid (main)

Bug #556407 reported by François Marier
Affects: mahara (Ubuntu)
Importance: Wishlist
Assigned to: Unassigned

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 affects ubuntu/mahara
 status new
 importance wishlist
 subscribe ubuntu-sponsors
 done

Please sync mahara 1.2.4-1 (universe) from Debian sid (main)

Changelog entries since current lucid version 1.2.0-2:

mahara (1.2.4-1) unstable; urgency=high

  * New upstream release
    - fix for SQL injection (CVE-2010-0400)

 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 21:07:03 +1200

mahara (1.2.3-1) unstable; urgency=low

  * New upstream release
  * Fix error in postrm script for when /usr/share/mahara/theme/ doesn't exist

  * Bump Standards-Version to 3.8.4
  * Switch team maintenance email address to a Launchpad mailing list

 -- Francois Marier <email address hidden> Mon, 08 Feb 2010 11:58:22 +1300
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP SIGNATURE-----

CVE References

security vulnerability: no → yes

François Marier (fmarier) wrote :

Note that this new version of Mahara includes a very important security fix (also see Bug #556369) but it also includes a number of important upstream bug fixes:

- many browser fixes (IE6, Chrome, Safari)
- view feedback
- zip and flv file uploads
- html export
- forum post emails
- saml authentication
- blog post deletion, and more

MySQL users are especially urged to upgrade from 1.2.0 because of major bugs which have been fixed since the initial 1.2 release.

This is why I am requesting a sync from Debian instead of just fixing the security issue. I think that the LTS should be based on a more solid release of Mahara.

Scott Kitterman (kitterman) wrote :

Ack. FFe approved. Leaving at New for sponsor review.

Daniel Holbach (dholbach) wrote :

ACKed.

Changed in mahara (Ubuntu):
status: New → Triaged

James Westby (james-w) wrote :

2010-04-12 11:02:47 INFO - <mahara_1.2.4.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
[Updating] mahara (1.2.0-2ubuntu1 [Ubuntu] < 1.2.4-1 [Debian])
 * Trying to add mahara...
2010-04-12 11:02:49 INFO - <mahara_1.2.4-1.dsc: downloading from http://ftp.debian.org/debian/>
2010-04-12 11:02:49 INFO - <mahara_1.2.4-1.debian.tar.gz: downloading from http://ftp.debian.org/debian/>
I: mahara [universe] -> mahara_1.2.0-2ubuntu1 [universe].
I: mahara [universe] -> mahara-apache2_1.2.0-2ubuntu1 [universe].

Changed in mahara (Ubuntu):
status: Triaged → Fix Released

This report contains Public Security information
Everyone can see this security related information.
