lp:ubuntu/oneiric-security/mahara

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/mahara

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

23. By Melissa Draper

* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
  - Default configuration changed to prevent impersonation (LP: #958841)
  - debian/patches/saml_multi_default_config.patch: upstream patch

22. By Melissa Draper

* SECURITY UPDATE: XSS in unvalidated URI attributes
  - Added a filter to sanitise user input urls (LP: #888358)
  - debian/patches/CVE-2011-2771.patch: upstream patch
  - CVE-2011-2771

* SECURITY UPDATE: DoS attack via invalid or excessively large images
  - Added a check to evaluate available memory before processing
    (LP: #888358)
  - debian/patches/CVE-2011-2772.patch: upstream patch
  - CVE-2011-2772

* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding
  them to an institution
  - remove unreferenced and vulnerable addtoinstitution.php (LP: #888358)
  - debian/patches/CVE-2011-2773.patch: upstream patch
  - CVE-2011-2773

* SECURITY UPDATE: Information disclosure exposing private messages
  - User check to ensure they are conversation participant (LP: #888358)
  - debian/patches/CVE-2011-2774.patch: upstream patch
  - CVE-2011-2774

* SECURITY UPDATE: Prevent masquerading users from jumping as others
  - Added a check to prevent jumping as other users. (LP: #888358)
  - debian/patches/mnet_masquerading.patch: upstream patch

21. By François Marier

* New major upstream release
  - upstream .htaccess file has been removed

* Add missing (empty) build targets in debian/rules (lintian warning)

20. By François Marier

* New upstream release (major security fixes):
  - CVE-2011-1402
  - CVE-2011-1403
  - CVE-2011-1404
  - CVE-2011-1405
  - CVE-2011-1406

* Fix versioned dependency of mahara-apache2
* Drop mysql-server-5.0 recommendation
* Bump Standards-Version up to 3.9.2

19. By François Marier

* Major new upstream release
  - compatibility with HTML Purifier 4.3.0

* Remove unused Mochikit lintian override
* Update path of flowplayer in debian/rules
* Fix more broken permissions in debian/rules
* Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
* Sync Uploaders field with Launchpad Team

18. By François Marier

* New upstream security release:
  - CVE-2011-0439 (XSS in select boxes)
  - CVE-2011-0440 (CSRF when deleting blogs)

* Add Italian debconf translation (closes: #606378)
* Add Danish debconf translation (closes: #597766)
* Bump debhelper compatibility to 8

17. By François Marier

* Move flowplayer.audio to the contrib package as well
* Add an allow rule in apache.conf for flowplayer.audio

16. By François Marier

* Remove postgresql8.3 from recommends, add postgresql8.4
* Add mysql-server-5.1 to recommends

15. By François Marier

* New upstream release
  - fix for SQL injection (CVE-2010-0400)

14. By Chuck Short

debian/control: Don't recommend mysql-server-5.0.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/mahara