Hi Jamie, The version in jaunty/intrepid is not affected by CVE-2009-2171 since that problems was introduced in the 1.1 series of Mahara.
In terms of the intrepid package, I believe that, like with previous security fixes, we can ignore it because it has never worked at all (e.g. can't login). It's only with jaunty that Ubuntu is shipping a functional Mahara. Cheers, Francois ** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2171 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-2171 -- Cross-site scripting vulnerabilities https://bugs.launchpad.net/bugs/390471 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
