Comment 7 for bug 602772

Jamie Strandboge (jdstrand) wrote :

mahara (1.2.4-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.patch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.patch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2010-1669.patch: upstream patch
    - CVE-2010-1669

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.patch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - depend on php-htmlpurifier and stop using the bundled version
    - CVE-2010-2479