lp:ubuntu/lucid-security/mahara
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/mahara
Recent revisions
- 20. By Melissa Draper
  * SECURITY UPDATE: Fix default config for sites with multiple SAML instances
    - Default configuration changed to prevent impersonation (LP: #958841)
    - debian/patches/saml_multi_default_config.patch: upstream patch
- 19. By Melissa Draper
  * SECURITY UPDATE: XSS in unvalidated URI attributes
    - Added a filter to sanitise user input urls (LP: #888358)
    - debian/patches/CVE-2011-2771.patch: upstream patch
    - CVE-2011-2771
  * SECURITY UPDATE: DoS attack via invalid or excessively large images
    - Added a check to evaluate available memory before processing
      (LP: #888358)
    - debian/patches/CVE-2011-2772.patch: upstream patch
    - CVE-2011-2772
  * SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
    them to an institution
    - Session check added (LP: #888358)
    - debian/patches/CVE-2011-2773.patch: upstream patch
    - CVE-2011-2773
  * SECURITY UPDATE: Prevent masquerading users from jumping as others
    - Added a check to prevent jumping as other users. (LP: #888358)
    - debian/patches/mnet_masquerading.patch: upstream patch
- 18. By François Marier
  * SECURITY UPDATE: fixes to session key validation (CSRF)
    - debian/patches/CVE-2011-1403.patch: upstream patch
  * SECURITY UPDATE: privilege escalations
    - debian/patches/CVE-2011-1402.patch: upstream patch
  * SECURITY UPDATE: information disclosure in AJAX calls
    - debian/patches/CVE-2011-1404.patch: upstream patch
  * SECURITY UPDATE: https to http downgrade
    - debian/patches/CVE-2011-1406.patch: upstream patch
  * SECURITY UPDATE: sanitisation of HTML emails
    - debian/patches/CVE-2011-1405.patch: upstream patch
- 17. By François Marier
  * SECURITY UPDATE: cross-site scripting vulnerability
    - debian/patches/CVE-2011-0439.dpatch: upstream patch
    - CVE-2011-0439
    - LP: #676336
  * SECURITY UPDATE: possible cross-site request forgery (deleting blogs)
    - debian/patches/CVE-2011-0440.dpatch: upstream patch
    - CVE-2011-0440
- 16. By François Marier
  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.patch: upstream patch
    - CVE-2010-1667
  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.patch: upstream patch
    - CVE-2010-1668
  * SECURITY UPDATE: SQL injection
    - debian/patches/CVE-2010-1669.patch: upstream patch
    - CVE-2010-1669
  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.patch: upstream patch
    - CVE-2010-1670
  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - depend on php-htmlpurifier and stop using the bundled version
    - CVE-2010-2479
- 12. By François Marier
  * New upstream release
    - Privilege escalation fix (CVE-2009-3298)
    - XSS fix (CVE-2009-3299)
  * Bump Standards-Version up to 3.8.3
  * Switch packaging license to refer to GPL-3
  * debian/mahara.config: Move -e to a separate line to silence lintian
- 11. By Jamie Strandboge
  [ Francois Marier ]
  * SECURITY UPDATE: privilege escalation (LP: #463082)
    - debian/patches/CVE-2009-3298.dpatch: fix from upstream
    - CVE-2009-3298
  * SECURITY UPDATE: cross-site scripting vulnerability (LP: #463083)
    - debian/patches/CVE-2009-3299.dpatch: fix from upstream
    - CVE-2009-3299
  * Add dpatch support
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/maverick/mahara