Major security updates for Mahara
Bug #780917 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mahara (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | High | Unassigned |
Maverick | Fix Released | High | Unassigned |
Natty | Fix Released | High | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: mahara
Here are packages to fix a number of very serious security issues in all versions of Mahara:
* fixes to session key validation (CSRF)
* privilege escalations
* information disclosure in AJAX calls
* https to http downgrade
* sanitisation of HTML emails
tags: added: patch
Changed in mahara (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in mahara (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in mahara (Ubuntu Lucid):
status: Fix Committed → Fix Released
All of these patches were tested in their respective distro versions.