lp:ubuntu/utopic/mahara

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/utopic/mahara

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

28. By Luca Falavigna

* Non-maintainer upload.
* SECURITY UPDATE: Fix a cross-site scripting (XSS) vulnerability
  which allowed remote attackers to inject arbitrary web script or
  HTML via the query parameter.
  - debian/patches/CVE-2012-2253.patch
  - Closes: #695789

27. By Melissa Draper

* SECURITY UPDATE: Disable XML entity parsing to prevent XEE
  - debian/patches/CVE-2012-2239.patch: upstream patch

* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
  - Content passed to the error message was not escaped
  - Escape pieform errors displayed to users
  - debian/patches/CVE-2012-2243-0001.patch: upstream patch
  - XHTML files prone to embedded javascript
  - Prevent uploaded xhtml files from displaying verbatim
  - debian/patches/CVE-2012-2243-0002.patch: upstream patch

* SECURITY UPDATE: Arbitrary file execution via clam path
  - Remove executable bit from existing uploaded files
  - debian/patches/CVE-2012-2244-0001.patch: upstream patch
  - Ensure future files will not be executable
  - debian/patches/CVE-2012-2244-0002.patch: upstream patch
  - Remove direct path option from web configuration
  - debian/patches/CVE-2012-2244-0003.patch: upstream patch

* SECURITY UPDATE: Prevent click-jacking attacks
  - Add an HTTP header of X-Frame-Options to every page
  - debian/patches/CVE-2012-2246.patch: upstream patch

* SECURITY UPDATE: Prevent SVG images being displayed
  - SVG images displayed inline
  - Adds SVG files to the list of files to not display by default
  - debian/patches/CVE-2012-2247.patch: upstream patch

26. By David Prévot

* Non-maintainer upload
* debian/mahara.preinst: Remove previous symlink that is replaced by a
  directory (closes: #690124)

25. By Melissa Draper

* SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities
  - Sanitize json-encode login form when injected by js
  - Sanitize links in links and resources menu
  - Sanitize file description for blog image editor
  - Add escaping to user_display_name by adding to dwoo template
  - debian/patches/CVE-2012-2237-0001.patch: upstream patch
  - debian/patches/CVE-2012-2237-0002.patch: upstream patch
  - debian/patches/CVE-2012-2237-0003.patch: upstream patch
  - debian/patches/CVE-2012-2237-0004.patch: upstream patch

24. By Melissa Draper

[ Melissa Draper ]
* New major upstream release
  - Improved password storage
  - Database triggers
  - php minimum version now 5.3

* Drop dependency on Dwoo and use bundled version instead
* Update versioned dependencies on Postgres and MySQL
* Add libjs-jquery dependency
* Bump Standards-Version up to 3.9.3
* Bump debhelper compatibility to 9

[ Francois Marier ]
* Fix watch file
* Update homepage URL in debian/control
* Update Alioth URLs

23. By Melissa Draper

* New upstream release
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
  - Default configuration changed to prevent impersonation

22. By François Marier

* New upstream release
  - CVE-2011-2771
  - CVE-2011-2772
  - CVE-2011-2773
  - CVE-2011-2774

21. By François Marier

* New major upstream release
  - upstream .htaccess file has been removed

* Add missing (empty) build targets in debian/rules (lintian warning)

20. By François Marier

* New upstream release (major security fixes):
  - CVE-2011-1402
  - CVE-2011-1403
  - CVE-2011-1404
  - CVE-2011-1405
  - CVE-2011-1406

* Fix versioned dependency of mahara-apache2
* Drop mysql-server-5.0 recommendation
* Bump Standards-Version up to 3.9.2

19. By François Marier

* Major new upstream release
  - compatibility with HTML Purifier 4.3.0

* Remove unused Mochikit lintian override
* Update path of flowplayer in debian/rules
* Fix more broken permissions in debian/rules
* Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
* Sync Uploaders field with Launchpad Team

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/vivid/mahara