Sync mahara 1.2.4-1 (universe) from Debian sid (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mahara (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
affects ubuntu/mahara
status new
importance wishlist
subscribe ubuntu-sponsors
done
Please sync mahara 1.2.4-1 (universe) from Debian sid (main)
Changelog entries since current lucid version 1.2.0-2:
mahara (1.2.4-1) unstable; urgency=high
* New upstream release
- fix for SQL injection (CVE-2010-0400)
-- Francois Marier <email address hidden> Tue, 06 Apr 2010 21:07:03 +1200
mahara (1.2.3-1) unstable; urgency=low
* New upstream release
* Fix error in postrm script for when /usr/share/
* Bump Standards-Version to 3.8.4
* Switch team maintenance email address to a Launchpad mailing list
-- Francois Marier <email address hidden> Mon, 08 Feb 2010 11:58:22 +1300
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
-----END PGP SIGNATURE-----
CVE References
security vulnerability: | no → yes |
Note that this new version of Mahara includes a very important security fix (also see Bug #556369) but it also includes a number of important upstream bug fixes:
- many browser fixes (IE6, Chrome, Safari)
- view feedback
- zip and flv file uploads
- html export
- forum post emails
- saml authentication
- blog post deletion, and more
MySQL users are especially urged to upgrade from 1.2.0 because of major bugs which have been fixed since the initial 1.2 release.
This is why I am requesting a sync from Debian instead of just fixing the security issue. I think that the LTS should be based on a more solid release of Mahara.