lp:debian/squeeze/mahara
- Get this branch:
- bzr branch lp:debian/squeeze/mahara
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 22. By Melissa Draper
-
* SECURITY UPDATE: Fix XSS in pagination URL
  - debian/patches/CVE-2012-2253.patch: upstream patch
* SECURITY UPDATE: Disable XML entity parsing to prevent XEE
  - debian/patches/CVE-2012-2239.patch: upstream patch
* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
  - Content passed to the error message was not escaped
  - Escape pieform errors displayed to users
  - debian/patches/CVE-2012-2243-0001.patch: upstream patch
  - XHTML files prone to embedded javascript
  - Prevent uploaded xhtml files from displaying verbatim
  - debian/patches/CVE-2012-2243-0002.patch: upstream patch
* SECURITY UPDATE: Arbitrary file execution via clam path
  - Remove executable bit from existing uploaded files
  - debian/patches/CVE-2012-2244-0001.patch: upstream patch
  - Ensure future files will not be executable
  - debian/patches/CVE-2012-2244-0002.patch: upstream patch
  - Remove direct path option from web configuration
  - debian/patches/CVE-2012-2244-0003.patch: upstream patch
* SECURITY UPDATE: Prevent click-jacking attacks
  - Add a HTTP header of X-Frame-Options to every page
  - debian/patches/CVE-2012-2246.patch: upstream patch
* SECURITY UPDATE: Prevent SVG images being displayed
  - SVG images displayed inline
  - Adds SVG files to the list of files to not display by default
  - debian/patches/CVE-2012-2247.patch: upstream patch
- 21. By Melissa Draper
-
* SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities
  - Json-encode login form when injected by js
  - Sanitize links in links and resources menu
  - debian/patches/CVE-2012-2237-0001.patch: upstream patch
  - debian/patches/CVE-2012-2237-0002.patch: upstream patch
- 20. By François Marier
-
* SECURITY UPDATE: fix unsanitised URIs in external feed block (XSS)
  - debian/patches/CVE-2011-2771.patch: upstream patch
* SECURITY UPDATE: fix DoS when large or invalid images are uploaded
  - debian/patches/CVE-2011-2772.patch: upstream patch
* SECURITY UPDATE: fix CSRF when adding a user to an institution
  - debian/patches/CVE-2011-2773.patch: upstream patch
* SECURITY UPDATE: prevent masquerading as another user through MNet
  - debian/patches/mnet_masquerading.patch: upstream patch
- 19. By François Marier
-
* SECURITY UPDATE: fixes to session key validation (CSRF)
  - debian/patches/CVE-2011-1403.patch: upstream patch
* SECURITY UPDATE: privilege escalations
  - debian/patches/CVE-2011-1402.patch: upstream patch
* SECURITY UPDATE: information disclosure in AJAX calls
  - debian/patches/CVE-2011-1404.patch: upstream patch
* SECURITY UPDATE: https to http downgrade
  - debian/patches/CVE-2011-1406.patch: upstream patch
* SECURITY UPDATE: sanitisation of HTML emails
  - debian/patches/CVE-2011-1405.patch: upstream patch
- 18. By François Marier
-
* Move flowplayer.audio to the contrib package as well
* Add an allow rule in apache.conf for flowplayer.audio
- 17. By François Marier
-
* Remove postgresql8.3 from recommends, add postgresql8.4
* Add mysql-server-5.1 to recommends
- 16. By François Marier
-
* New upstream release
  - multiple cross-site scripting vulnerabilities (CVE-2010-1667)
  - multiple cross-site request forgery vulnerabilities (CVE-2010-1668)
  - sql injection (CVE-2010-1669)
  - unsafe auth plugins configuration options (CVE-2010-1670)
* Use system's version of HTML purifier (CVE-2010-2479)
* Add missing symlink to PEAR's File module to fix csv parsing
* Remove reference to the common BSD license in debian/copyright
* Bump Standards-Version to 3.9.0
- 14. By François Marier
-
* New upstream release
* Fix error in postrm script for when /usr/share/mahara/theme/ doesn't exist
* Bump Standards-Version to 3.8.4
* Switch team maintenance email address to a Launchpad mailing list
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)