[ubuntu/maverick-security] mahara, mahara_1.2.5-2ubuntu0.3_i386_translations.tar.gz 1.2.5-2ubuntu0.3 (Accepted)

[Melissa Draper]

mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low

  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771

  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772

  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773

  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch

Date: Tue, 08 Nov 2011 18:59:14 +1300
Changed-By: Melissa Draper <meli...@catalyst.net.nz>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/mahara/1.2.5-2ubuntu0.3

Format: 1.8
Date: Tue, 08 Nov 2011 18:59:14 +1300
Source: mahara
Binary: mahara mahara-apache2
Architecture: source
Version: 1.2.5-2ubuntu0.3
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Melissa Draper <meli...@catalyst.net.nz>
Description: 
 mahara     - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 
config
Launchpad-Bugs-Fixed: 888358
Changes: 
 mahara (1.2.5-2ubuntu0.3) maverick-security; urgency=low
 .
   * SECURITY UPDATE: XSS in unvalidated URI attributes
     - Added a filter to sanitise user input urls (LP: #888358)
     - debian/patches/CVE-2011-2771.patch: upstream patch
     - CVE-2011-2771
 .
   * SECURITY UPDATE: DoS attack via invalid or excessively large images
     - Added a check to evaluate available memory before processing
       (LP: #888358)
     - debian/patches/CVE-2011-2772.patch: upstream patch
     - CVE-2011-2772
 .
   * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
     them to an institution
     - Session check added (LP: #888358)
     - debian/patches/CVE-2011-2773.patch: upstream patch
     - CVE-2011-2773
 .
   * SECURITY UPDATE: Prevent masquerading users from jumping as others
     - Added a check to prevent jumping as other users. (LP: #888358)
     - debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1: 
 f7f75998ffd4254085de1a08fa6dd4773ee9e7ca 2021 mahara_1.2.5-2ubuntu0.3.dsc
 ceed8ef28c83b57be311adad7ea50f64c801dbc8 28563 
mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Checksums-Sha256: 
 67b419154b2e1772f96f5ee39ff3a2d3649ec11941c99a7aacc122dd84a8fa83 2021 
mahara_1.2.5-2ubuntu0.3.dsc
 a3df6822600621aa6acd31b4be75e165edf2fefddd2b5c56ed2ed8ff015cbc2d 28563 
mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Files: 
 7950654850cf2f3112f15211aabf5868 2021 web optional mahara_1.2.5-2ubuntu0.3.dsc
 0510d8f5a49e4ea1dec18f15807980a7 28563 web optional 
mahara_1.2.5-2ubuntu0.3.debian.tar.gz
Original-Maintainer: Mahara Packaging Team 
<mahara-packag...@lists.launchpad.net>

-- 
Maverick-changes mailing list
Maverick-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/maverick-changes