Comment 9 for bug 602772

mahara (1.0.9-2ubuntu0.7) jaunty-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting vulnerabilities
    - debian/patches/CVE-2010-1667.dpatch: upstream patch
    - CVE-2010-1667

  * SECURITY UPDATE: multiple cross-site request forgery vulnerabilities
    - debian/patches/CVE-2010-1668.dpatch: upstream patch
    - CVE-2010-1668

  * SECURITY UPDATE: unsafe auth plugins configuration options
    - debian/patches/CVE-2010-1670.dpatch: upstream patch
    - CVE-2010-1670

  * SECURITY UPDATE: IE-only cross-site scripting bug in HTML Purifier
    - debian/patches/CVE-2010-2479.dpatch: upstream patch
    - CVE-2010-2479