lp:ubuntu/utopic/mahara
- Get this branch:
- bzr branch lp:ubuntu/utopic/mahara
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 28. By Luca Falavigna
-
* Non-maintainer upload.
* SECURITY UPDATE: Fix a cross-site scripting (XSS) vulnerability
which allowed remote attackers to inject arbitrary web script or
HTML via the query parameter.
- debian/patches/CVE-2012-2253.patch
- Closes: #695789
- 27. By Melissa Draper
-
* SECURITY UPDATE: Disable XML entity parsing to prevent XEE
- debian/patches/CVE-2012-2239.patch: upstream patch
* SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
- Content passed to the error message was not escaped
- Escape pieform errors displayed to users
- debian/patches/CVE-2012-2243-0001.patch: upstream patch
- XHTML files prone to embedded javascript
- Prevent uploaded xhtml files from displaying verbatim
- debian/patches/CVE-2012-2243-0002.patch: upstream patch
* SECURITY UPDATE: Arbitrary file execution via clam path
- Remove executable bit from existing uploaded files
- debian/patches/CVE-2012-2244-0001.patch: upstream patch
- Ensure future files will not be executable
- debian/patches/CVE-2012-2244-0002.patch: upstream patch
- Remove direct path option from web configuration
- debian/patches/CVE-2012-2244-0003.patch: upstream patch
* SECURITY UPDATE: Prevent click-jacking attacks
- Add a HTTP header of X-Frame-Options to every page
- debian/patches/CVE-2012-2246.patch: upstream patch
* SECURITY UPDATE: Prevent SVG images being displayed
- SVG images displayed inline
- Adds SVG files to the list of files to not display by default
- debian/patches/CVE-2012-2247.patch: upstream patch
- 26. By David Prévot <email address hidden>
-
* Non-maintainer upload
* debian/mahara.preinst: Remove previous symlink that is replaced by a
directory (closes: #690124)
- 25. By Melissa Draper
-
* SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities
- Sanitize json-encode login form when injected by js
- Sanitize links in links and resources menu
- Sanitize file description for blog image editor
- Add escaping to user_display_name by adding to dwoo template
- debian/patches/CVE-2012-2237-0001.patch: upstream patch
- debian/patches/CVE-2012-2237-0002.patch: upstream patch
- debian/patches/CVE-2012-2237-0003.patch: upstream patch
- debian/patches/CVE-2012-2237-0004.patch: upstream patch
- 24. By Melissa Draper
-
[ Melissa Draper ]
* New major upstream release
- Improved password storage
- Database triggers
- php minimum version now 5.3
* Drop dependency on Dwoo and use bundled version instead
* Update versioned dependencies on Postgres and MySQL
* Add libjs-jquery dependency
* Bump Standards-Version up to 3.9.3
* Bump debhelper compatibility to 9
[ Francois Marier ]
* Fix watch file
* Update homepage URL in debian/control
* Update Alioth URLs
- 23. By Melissa Draper
-
* New upstream release
* SECURITY UPDATE: Fix default config for sites with multiple SAML instances
- Default configuration changed to prevent impersonation
- 22. By François Marier
-
* New upstream release
- CVE-2011-2771
- CVE-2011-2772
- CVE-2011-2773
- CVE-2011-2774
- 21. By François Marier
-
* New major upstream release
- upstream .htaccess file has been removed
* Add missing (empty) build targets in debian/rules (lintian warning)
- 20. By François Marier
-
* New upstream release (major security fixes):
- CVE-2011-1402
- CVE-2011-1403
- CVE-2011-1404
- CVE-2011-1405
- CVE-2011-1406
* Fix versioned dependency of mahara-apache2
* Drop mysql-server-5.0 recommendation
* Bump Standards-Version up to 3.9.2
- 19. By François Marier
-
* Major new upstream release
- compatibility with HTML Purifier 4.3.0
* Remove unused Mochikit lintian override
* Update path of flowplayer in debian/rules
* Fix more broken permissions in debian/rules
* Add dependency on ttf-bitstream-vera and remove Mahara's bundled copy
* Sync Uploaders field with Launchpad Team
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/vivid/mahara