Sync mahara 1.2.4-1 (universe) from Debian sid (main)

Bug #556407 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
mahara (Ubuntu) | Fix Released | Wishlist | Unassigned |

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 affects ubuntu/mahara
 status new
 importance wishlist
 subscribe ubuntu-sponsors
 done

Please sync mahara 1.2.4-1 (universe) from Debian sid (main)

Changelog entries since current lucid version 1.2.0-2:

mahara (1.2.4-1) unstable; urgency=high

  * New upstream release
    - fix for SQL injection (CVE-2010-0400)

 -- Francois Marier <email address hidden> Tue, 06 Apr 2010 21:07:03 +1200

mahara (1.2.3-1) unstable; urgency=low

  * New upstream release
  * Fix error in postrm script for when /usr/share/mahara/theme/ doesn't exist

  * Bump Standards-Version to 3.8.4
  * Switch team maintenance email address to a Launchpad mailing list

 -- Francois Marier <email address hidden> Mon, 08 Feb 2010 11:58:22 +1300

CVE References

security vulnerability: no → yes
François Marier (fmarier) wrote :

Note that this new version of Mahara includes a very important security fix (also see Bug #556369) but it also includes a number of important upstream bug fixes:

- many browser fixes (IE6, Chrome, Safari)
- view feedback
- zip and flv file uploads
- html export
- forum post emails
- saml authentication
- blog post deletion, and more

MySQL users are especially urged to upgrade from 1.2.0 because of major bugs which have been fixed since the initial 1.2 release.

This is why I am requesting a sync from Debian instead of just fixing the security issue. I think that the LTS should be based on a more solid release of Mahara.

Scott Kitterman (kitterman) wrote :

Ack. FFe approved. Leaving at New for sponsor review.

Daniel Holbach (dholbach) wrote :

ACKed.

Changed in mahara (Ubuntu):
status: New → Triaged
James Westby (james-w) wrote :

2010-04-12 11:02:47 INFO - <mahara_1.2.4.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
[Updating] mahara (1.2.0-2ubuntu1 [Ubuntu] < 1.2.4-1 [Debian])
 * Trying to add mahara...
2010-04-12 11:02:49 INFO - <mahara_1.2.4-1.dsc: downloading from http://ftp.debian.org/debian/>
2010-04-12 11:02:49 INFO - <mahara_1.2.4-1.debian.tar.gz: downloading from http://ftp.debian.org/debian/>
I: mahara [universe] -> mahara_1.2.0-2ubuntu1 [universe].
I: mahara [universe] -> mahara-apache2_1.2.0-2ubuntu1 [universe].

Changed in mahara (Ubuntu):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.