lp:ubuntu/oneiric-security/mahara
- Get this branch:
- bzr branch lp:ubuntu/oneiric-security/mahara
Recent revisions
- 23. By Melissa Draper
-
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation (LP: #958841)
- debian/patches/saml_multi_default_config.patch: upstream patch
- 22. By Melissa Draper
-
* SECURITY UPDATE: XSS in unvalidated URI attributes
- Added a filter to sanitise user input urls (LP: #888358)
- debian/patches/CVE-2011-2771.patch: upstream patch
- CVE-2011-2771
* SECURITY UPDATE: DoS attack via invalid or excessively large images
- Added a check to evaluate available memory before processing (LP: #888358)
- debian/patches/CVE-2011-2772.patch: upstream patch
- CVE-2011-2772
* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding them to an institution
- remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
- debian/patches/CVE-2011-2773.patch: upstream patch
- CVE-2011-2773
* SECURITY UPDATE: Information disclosure exposing private messages
- User check to ensure they are conversation participant (LP: #888358)
- debian/patches/CVE-2011-2774.patch: upstream patch
- CVE-2011-2774
* SECURITY UPDATE: Prevent masquerading users from jumping as others
- Added a check to prevent jumping as other users. (LP: #888358)
- debian/patches/mnet_masquerading.patch: upstream patch
- 21. By François Marier
-
* New major upstream release
- upstream .htaccess file has been removed
* Add missing (empty) build targets in debian/rules (lintian warning)
- 20. By François Marier
-
* New upstream release (major security fixes):
- CVE-2011-1402
- CVE-2011-1403
- CVE-2011-1404
- CVE-2011-1405
- CVE-2011-1406
* Fix versioned dependency of mahara-apache2
* Drop mysql-server-5.0 recommendation
* Bump Standards-Version up to 3.9.2
- 19. By François Marier
-
* Major new upstream release
- compatibility with HTML Purifier 4.3.0
* Remove unused Mochikit lintian override
* Update path of flowplayer in debian/rules
* Fix more broken permissions in debian/rules
* Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
* Sync Uploaders field with Launchpad Team
- 18. By François Marier
-
* New upstream security release:
- CVE-2011-0439 (XSS in select boxes)
- CVE-2011-0440 (CSRF when deleting blogs)
* Add Italian debconf translation (closes: #606378)
* Add Danish debconf translation (closes: #597766)
* Bump debhelper compatibility to 8
- 17. By François Marier
-
* Move flowplayer.audio to the contrib package as well
* Add an allow rule in apache.conf for flowplayer.audio
- 16. By François Marier
-
* Remove postgresql8.3 from recommends, add postgresql8.4
* Add mysql-server-5.1 to recommends
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/mahara