Back to mahara PTS page

Accepted mahara 1.5.1-3 (source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Nov 2012 04:08:09 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source all
Version: 1.5.1-3
Distribution: unstable
Urgency: high
Maintainer: Mahara Packaging Team <mahara-packaging@lists.launchpad.net>
Changed-By: Melissa Draper <melissa@catalyst.net.nz>
Description: 
 mahara     - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
 mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Changes: 
 mahara (1.5.1-3) unstable; urgency=high
 .
   * SECURITY UPDATE: Disable XML entity parsing to prevent XEE
     - debian/patches/CVE-2012-2239.patch: upstream patch
 .
   * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
     - Content passed to the error message was not escaped
     - Escape pieform errors displayed to users
     - debian/patches/CVE-2012-2243-0001.patch: upstream patch
     - XHTML files prone to embedded javascript
     - Prevent uploaded xhtml files from displaying verbatim
     - debian/patches/CVE-2012-2243-0002.patch: upstream patch
 .
   * SECURITY UPDATE: Arbitrary file execution via clam path
     - Remove executable bit from existing uploaded files
     - debian/patches/CVE-2012-2244-0001.patch: upstream patch
     - Ensure future files will not be executable
     - debian/patches/CVE-2012-2244-0002.patch: upstream patch
     - Remove direct path option from web configuration
     - debian/patches/CVE-2012-2244-0003.patch: upstream patch
 .
   * SECURITY UPDATE: Prevent click-jacking attacks
     - Add a HTTP header of X-Frame-Options to every page
     - debian/patches/CVE-2012-2246.patch: upstream patch
 .
   * SECURITY UPDATE: Prevent SVG images being displayed
     - SVG images displayed inline
     - Adds SVG files to the list of files to not display by default
     - debian/patches/CVE-2012-2247.patch: upstream patch
Checksums-Sha1: 
 19c03cc1465399a695ba585be1aa585e3a2d86bf 2021 mahara_1.5.1-3.dsc
 6b687416d8ecf696ac464ebea2529eddfe73d1bf 33764 mahara_1.5.1-3.debian.tar.gz
 ccf53024de9cc2857a8ff3b66d63518a3f6de00b 2720760 mahara_1.5.1-3_all.deb
 db84cafef771c92fb2eb248b45b714de68cee19f 16510 mahara-apache2_1.5.1-3_all.deb
 555aa2778d4fb748660ed98b790494c832c0177e 449416 mahara-mediaplayer_1.5.1-3_all.deb
Checksums-Sha256: 
 0f8b597f517d29e1a18d21379c5570b1d4a789138e73c66c08ab2cce8ff9a14a 2021 mahara_1.5.1-3.dsc
 754bb8467589c810f8656cb5a565c5173dcf35da4db8ef8a529bbd9d2f9b6864 33764 mahara_1.5.1-3.debian.tar.gz
 951a474347eee273e9b6df4869ee1366151d31cb7096a71ffacf2747c21ce6a8 2720760 mahara_1.5.1-3_all.deb
 797ebcac49db0adb8cbd8b205230108358a577f0cf968e14fd46ab014cdc72bf 16510 mahara-apache2_1.5.1-3_all.deb
 4dacf0d9f78ac9ddd96dab35b566166b1b447619e5993adec9177d745b2c5776 449416 mahara-mediaplayer_1.5.1-3_all.deb
Files: 
 25f28b8c028e86cb766d8c5ee3b3a738 2021 web optional mahara_1.5.1-3.dsc
 492f9437e3841613501b9528287d17ab 33764 web optional mahara_1.5.1-3.debian.tar.gz
 27b805f6fe8fdef35b0cb36f0333e2cf 2720760 web optional mahara_1.5.1-3_all.deb
 ac3a4d04f80448274dbc53bf3575c5f0 16510 web optional mahara-apache2_1.5.1-3_all.deb
 cb1999605b5bde2e7f2ca08641565628 449416 contrib/web optional mahara-mediaplayer_1.5.1-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJQpgS0AAoJEE0knZsj5vw68F0P/R9GuK66nLna7TCAvTiFMahi
Ux0BUx8dSyvklC1sIsafA6TstZM+q11kxF8XLWepfYKb2Rn/FPFVT+7/R+LpbbNl
t/Qbu3tcExN6HgEaa6M4XmClv/6X4zbZ6JXX9wagnQ+IYf9SXcSUshAkalr1AO07
XmByF0hamV1g5wffwPt7kdrq5E/jbfjmZNtRNKQXcGux8Gt34ZulBcUQMwAKkt4e
ZmA3wEsCNjwQyHVxNDNdE1Z9/9gkj+e6j5a/4cwfmhzqMGiFLv/iRftGu3gIQxBI
voboSQwjYy7M5cGyAk4uKjrGpFWLPCbKhw5ZRqlHgE+cLvdZ8LGr6pbikROqO9y3
sXGm0q86o+EE9XNEEH98z2EEzwEFDgAG2hXFK1gJcrQkXaY3o18bcmmjC5vHPob+
MgTaBqQIJW2Rg3XLbQ4Oizv6X0Hj5oV6XU+dWBu6dFHqUpmQz0xvdP02zEqUST4I
tQwp5M5G3/dbbzfI8hEz+r9hznHN1fNOmN4phyrMuHuglAX4pK85z24aNipdADHy
wdCwLgZpf28iAwb0TcwBLLll17gbsu++IDq6vFduDHKn3lPM1x1Q/fcH9oqjsNDA
TZVo7iwioc/i20bCqtTSC7H8VvKyvRdOuWLTOxLKDO4O63Kfs75i50w47sjIN5fb
9e1xi6sLb+qd3xjRbact
=Qx3v
-----END PGP SIGNATURE-----