Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: mahara (Ubuntu Intrepid)
Status: New => Invalid
--
CVE-2009-0660 Multiple XSS vulnerabilities in Mahara 1.0.9
https://bugs.launchpad.net/bugs/
This bug was fixed in the package mahara - 1.0.9-2ubuntu0.2
---
mahara (1.0.9-2ubuntu0.2) jaunty; urgency=low
* Upload to correct pocket
mahara (1.0.9-2ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: multiple cross-site scripting vulnerabilities in user
profile da
** Changed in: mahara (Ubuntu Intrepid)
Status: Invalid => New
--
CVE-2009-0660 Multiple XSS vulnerabilities in Mahara 1.0.9
https://bugs.launchpad.net/bugs/340863
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
If Intrepid is unusable another bug should be filed against it detailing
the problems, with the fixes (if you know them). A StableReleaseUpdate
(SRU) could then be applied for that makes it usable again (and also
fixing this security issue).
--
CVE-2009-0660 Multiple XSS vulnerabilities in Mahara
Here's a patched 1.0.9-2 package which I have built and tested.
It is based on the upstream 1.0 patch that was sent to vendor-sec.
** Attachment added: "mahara-1.0.9-2ubuntu0.1 debdiff"
http://launchpadlibrarian.net/23814149/mahara_xss_fixes.deb.diff
** Changed in: mahara (Ubuntu Jaunty)
No point in fixing Intrepid as that version of the package is completely
unusable.
** Changed in: mahara (Ubuntu Intrepid)
Status: Confirmed => Invalid
--
CVE-2009-0660 Multiple XSS vulnerabilities in Mahara 1.0.9
https://bugs.launchpad.net/bugs/340863
Since this package will require new packaging of the upstream source (as
opposed to a simple sync request from Debian (sid and testing have 1.1
now)), it does require an FFE and the corresponding review. Once
reviewed, it can be uploaded to Jaunty. See
https://wiki.ubuntu.com/FreezeExceptionProcess
I understand that there is a feature freeze, but is a freeze exception
needed even if the new upstream version doesn't introduce new features?
Mahara 1.0.x is currently the old stable version and so it only gets bug
fixes (see the release notes at
http://mahara.org/interaction/forum/topic.php?id=3
Also, as this package is in universe and is community supported, perhaps
you could prepare a debdiff for Intrepid to fix this by following
https://wiki.ubuntu.com/SecurityUpdateProcedures. Thanks!
--
CVE-2009-0660 Multiple XSS vulnerabilities in Mahara 1.0.9
https://bugs.launchpad.net/bugs/340863
Thank you for using Ubuntu and taking the time to report a bug. Marking
as public since upstream has a fix out. We are currently in
FeatureFreeze so a patch to the existing package in Jaunty is needed.
** Visibility changed to: Public
** Changed in: mahara (Ubuntu Intrepid)
Status: New =>