Sync mahara 1.2.5-1 (universe) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mahara (Ubuntu) | Fix Released | Wishlist | Unassigned |
Jaunty | Fix Released | Undecided | Unassigned |
Karmic | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Wishlist | Unassigned |

Bug Description
Please sync mahara 1.2.5-1 (universe) from Debian unstable (main)
Changelog entries since current maverick version 1.2.4-1:
mahara (1.2.5-1) unstable; urgency=high

  * New upstream release
    - multiple cross-site scripting vulnerabilities (CVE-2010-1667)
    - multiple cross-site request forgery vulnerabilities (CVE-2010-1668)
    - sql injection (CVE-2010-1669)
    - unsafe auth plugins configuration options (CVE-2010-1670)
  * Use system's version of HTML purifier (CVE-2010-2479)
  * Add missing symlink to PEAR's File module to fix csv parsing
  * Remove reference to the common BSD license in debian/copyright
  * Bump Standards-Version to 3.9.0

 -- Francois Marier <email address hidden>  Mon, 05 Jul 2010 15:45:27 +1200

Changed in mahara (Ubuntu):
- importance: Undecided → Wishlist
- status: New → Confirmed
- security vulnerability: no → yes
- tags: added: patch

I have just attached debdiffs for jaunty, karmic and lucid to fix all 5 CVE bugs (tested on each Ubuntu release).