Comment 8 for bug 602772

Jamie Strandboge (jdstrand) wrote :

mahara (1.1.5-1ubuntu0.3) karmic-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.dpatch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.dpatch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2010-1669.dpatch: upstream patch
    - CVE-2010-1669

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.dpatch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - depend on php-htmlpurifier and stop using the bundled version
    - CVE-2010-2479