Accepted mahara 1.2.6-2+squeeze3 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 02 Nov 2011 17:48:42 +1300
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source all
Version: 1.2.6-2+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Mahara Packaging Team <mahara-packaging@lists.launchpad.net>
Changed-By: Francois Marier <francois@debian.org>
Description:
mahara - Electronic portfolio, weblog, and resume builder
mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Changes:
mahara (1.2.6-2+squeeze3) stable-security; urgency=high
.
* SECURITY UPDATE: fix unsanitised URIs in external feed block (XSS)
- debian/patches/CVE-2011-2771.patch: upstream patch
.
* SECURITY UPDATE: fix DoS when large or invalid images are uploaded
- debian/patches/CVE-2011-2772.patch: upstream patch
.
* SECURITY UPDATE: fix CSRF when adding a user to an institution
- debian/patches/CVE-2011-2773.patch: upstream patch
.
* SECURITY UPDATE: prevent masquerading as another user through MNet
- debian/patches/mnet_masquerading.patch: upstream patch
Checksums-Sha1:
24f1c58833d6f48582daf8079eb0579f65a2c356 1962 mahara_1.2.6-2+squeeze3.dsc
9c3743eab70bb28562994b17a0840b5441bc58fb 29701 mahara_1.2.6-2+squeeze3.debian.tar.gz
80077b9215ead75f1c4cac9899a33ec17d95763d 1636316 mahara_1.2.6-2+squeeze3_all.deb
07c37195cef1b362e34327b069d266b2311d867b 12738 mahara-apache2_1.2.6-2+squeeze3_all.deb
a71e3ac7fbb4b201f7bb7878542568b3101bd833 448350 mahara-mediaplayer_1.2.6-2+squeeze3_all.deb
Checksums-Sha256:
edab8fed9ebabc9320280b085a67e57e537bc51eebcb2b1f428d58c7c780bd1e 1962 mahara_1.2.6-2+squeeze3.dsc
7f7e2b4fc995053107ebe951befec873a2bc2a5662c1248bad5ec32b8f68f0a1 29701 mahara_1.2.6-2+squeeze3.debian.tar.gz
ee301c1ada63a9fca60dda29802a55d84c85babdcb35fe93c003505bd191eea8 1636316 mahara_1.2.6-2+squeeze3_all.deb
3378cd8adbb76769e44223c4bb2f43e1f952317ce31f5e0ff46677c5582221f6 12738 mahara-apache2_1.2.6-2+squeeze3_all.deb
9731acea50217e9abb4d717aef05928e92486389536ae7c1225eb8e317f19f9a 448350 mahara-mediaplayer_1.2.6-2+squeeze3_all.deb
Files:
8eda76b60754a457ecb93cc2491d9818 1962 web optional mahara_1.2.6-2+squeeze3.dsc
833b684bb421f434aeac1c6230eb21e2 29701 web optional mahara_1.2.6-2+squeeze3.debian.tar.gz
a7aaae5b3593de90c1bc644983cd0b9d 1636316 web optional mahara_1.2.6-2+squeeze3_all.deb
e8e4b1d7ac91f0fdd5d43fe9e1fdcc73 12738 web optional mahara-apache2_1.2.6-2+squeeze3_all.deb
ed2f5131bed874a37ba2312e80297187 448350 contrib/web optional mahara-mediaplayer_1.2.6-2+squeeze3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJOsNBIAAoJEBYoHy4AfJjRs+kQAJ5yj9jN5jwMrkTHxmIny/Rc
ZdE8Cfl9FqF/asFRgdrFwygO4WLb+I1hTtLamub8I9eZCILXA9le885WMUkGdl16
DVim4zK62WHo75pJQXY31Mc66v1YmeR51hz24SLiD4CG0aDWznRreAMHPINdpvrU
57Gm7jTI3vMcuq2lTpvkHAv8mmooKyQOyRMp422RNJbzdzxBTxmRhX1ppzvNozxA
lbYD0ypyxnWkbPq2ddEr8uNn1dMjI0gwZCtXH6NyAXYbMRy9c+XinL1fsxRbap1k
YM7KXFRaX7Cj2G1nVdmCtDWJrolc9NlE16wHzEmxc+G60ZW2696pBRo/hx9e/36q
F2zJPfrjsmS0DfhVu4yHYEaTSqUx0Ebj1qhtj3+Yu4xw2rPtaA7wRFGr2C9ok2TV
DrVXuREDqv54oOYEb6Erj37oqo8F4OMJ861ir9LUt2LZYZH200N221FUrnYhqhv9
F4I7eXZUkdD2HijnqeFIlKZQBPSNDCZM9D6vmy4/aizRgurAxtLmdJOwvmHseSLm
Gs2HY8I/doqPymyjIVG5AZW8HPIZibSKOg7QEJaSpcAO0K43j8qgxgJBi8JbrPL1
CTNWXeb3bBZ5N2hVNl/7wklV9muK6HljXU+qgiVGgwTWk0nBrbZfA4XfSsY5psJn
vT/2orICFqPSRLDTogfx
=mcGv
-----END PGP SIGNATURE-----
Accepted:
mahara-apache2_1.2.6-2+squeeze3_all.deb
to main/m/mahara/mahara-apache2_1.2.6-2+squeeze3_all.deb
mahara-mediaplayer_1.2.6-2+squeeze3_all.deb
to contrib/m/mahara/mahara-mediaplayer_1.2.6-2+squeeze3_all.deb
mahara_1.2.6-2+squeeze3.debian.tar.gz
to main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz
mahara_1.2.6-2+squeeze3.dsc
to main/m/mahara/mahara_1.2.6-2+squeeze3.dsc
mahara_1.2.6-2+squeeze3_all.deb
to main/m/mahara/mahara_1.2.6-2+squeeze3_all.deb