-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 09 May 2011 13:30:06 +1200 Source: mahara Binary: mahara mahara-apache2 mahara-mediaplayer Architecture: source all Version: 1.2.6-2+squeeze2 Distribution: stable-security Urgency: high Maintainer: Mahara Packaging Team <mahara-packaging@lists.launchpad.net> Changed-By: Francois Marier <francois@debian.org> Description: mahara - Electronic portfolio, weblog, and resume builder mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media Changes: mahara (1.2.6-2+squeeze2) stable-security; urgency=high . * SECURITY UPDATE: fixes to session key validation (CSRF) - debian/patches/CVE-2011-1403.patch: upstream patch . * SECURITY UPDATE: privilege escalations - debian/patches/CVE-2011-1402.patch: upstream patch . * SECURITY UPDATE: information disclosure in AJAX calls - debian/patches/CVE-2011-1404.patch: upstream patch . * SECURITY UPDATE: https to http downgrade - debian/patches/CVE-2011-1406.patch: upstream patch . * SECURITY UPDATE: sanitisation of HTML emails - debian/patches/CVE-2011-1405.patch: upstream patch Checksums-Sha1: dd44eb1a184930ad5984ece479174d88b5cef11f 1962 mahara_1.2.6-2+squeeze2.dsc 2809ff23b19a15a34a9a81e5e5006b07ff363c01 25869 mahara_1.2.6-2+squeeze2.debian.tar.gz e5ee4cffeb32b7c707804cfe43b62461d7512637 1629640 mahara_1.2.6-2+squeeze2_all.deb a8b971530040e6239ef915a3ce1f692568f41346 12496 mahara-apache2_1.2.6-2+squeeze2_all.deb 85b9fc938b4e23f445da2b86ab7020ab976450fb 451768 mahara-mediaplayer_1.2.6-2+squeeze2_all.deb Checksums-Sha256: f945a2e1458bc0799ff17e1599d4f75724f27386c95edf77971545cb63945b3a 1962 mahara_1.2.6-2+squeeze2.dsc c047252d2b8c73635962ee73935e6a83659bff98bb311e5480e4aecbf8bade02 25869 mahara_1.2.6-2+squeeze2.debian.tar.gz c0824079e44b14cd89c1e45e9a8bf4bf2801fa26495f1f793eaafd880b69619e 1629640 mahara_1.2.6-2+squeeze2_all.deb e9d861f90d87a45e853a3223dc616a9ee829d498de84abf389ee6705d8609816 12496 mahara-apache2_1.2.6-2+squeeze2_all.deb cafc85e13abd028ffc92313308b753aff26e49c5dbf52942ee0d8a950af2b8c1 451768 mahara-mediaplayer_1.2.6-2+squeeze2_all.deb Files: b665e0036eba5d600d47308573db3528 1962 web optional mahara_1.2.6-2+squeeze2.dsc 538a0ec83007004fb9bbe2098eb465e1 25869 web optional mahara_1.2.6-2+squeeze2.debian.tar.gz da28949614a5f89c6c5c610c8f613c69 1629640 web optional mahara_1.2.6-2+squeeze2_all.deb af23f0dc7e5ccbfe54defb47c5a3e8a6 12496 web optional mahara-apache2_1.2.6-2+squeeze2_all.deb a8994f1940cc72d0018f0e4cfec9ec92 451768 contrib/web optional mahara-mediaplayer_1.2.6-2+squeeze2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJNx0WhAAoJEBYoHy4AfJjR944P/Ah60Lhu+PkahTt6Xbi7LjmS vqhwaaVRtJoSeln6caCq4mmDGMC/k9bf5lMSOzReglFJmHaWW4p3WoPCtc7Evw9t eBOPqHAi9Uimp1bqkDxpZDKtrcYO+0mMHUXUqsL27MjD0hjC38a07UoYeNrFEpv5 +dRWgW6EBTuQni2p4UjoBqnQfVc2USUOEtavHzabh4zi2lyPJdm00MU2mjPznjmG 1hiJeodVWPnNoR86kamGmciQKFU8esn6XC43qZ860a2Ca9VdexAsXJilgCPMzmoA 9OpgdTO4g97+//riR6aUX9A5j2l7ytuBmVxgLrdEunUJBA4DYSO10MjYMIaPrYTD c+jKUQJrp9Mq9L0SO3t5zfNwCSU2lGoAPSraoghpFVpq1EMW6eKLW7USo1XRhzjv 86EYPTNH2KISUqXKQrmPADqpuaSGSRdV70cHgzy61zb+xye/mDZWxkkcnSwB+/7T a4lORjJLF0vs+FnZU3/Ub4ymlIJB543rYS2SlcEt1ErCPyO2GJlDkr1bP22MyfpO /v0CfSL1V3HZdTZCho+tmgLeXwChUwFYF+QAevbG9RNngIvlrUh4+yOW61edE9ZJ 9aRTqc1Op6YCsxI0YRpEo67/5zOmVvpxSEHIxDZ6Xz93+No/h7pW5WpsxgDvCQpd y0Jsl0kKRdmVveiyiiiU =sw2D -----END PGP SIGNATURE----- Accepted: mahara-apache2_1.2.6-2+squeeze2_all.deb to main/m/mahara/mahara-apache2_1.2.6-2+squeeze2_all.deb mahara-mediaplayer_1.2.6-2+squeeze2_all.deb to contrib/m/mahara/mahara-mediaplayer_1.2.6-2+squeeze2_all.deb mahara_1.2.6-2+squeeze2.debian.tar.gz to main/m/mahara/mahara_1.2.6-2+squeeze2.debian.tar.gz mahara_1.2.6-2+squeeze2.dsc to main/m/mahara/mahara_1.2.6-2+squeeze2.dsc mahara_1.2.6-2+squeeze2_all.deb to main/m/mahara/mahara_1.2.6-2+squeeze2_all.deb