-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Nov 2011 16:04:03 +1300 Source: mahara Binary: mahara mahara-apache2 Architecture: source all Version: 1.0.4-4+lenny11 Distribution: oldstable-security Urgency: high Maintainer: Mahara Debian Packaging Team <pkg-debian@mahara.org> Changed-By: Francois Marier <francois@debian.org> Description: mahara - Electronic portfolio, weblog, and resume builder mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config Changes: mahara (1.0.4-4+lenny11) oldstable-security; urgency=high . * SECURITY UPDATE: fix unsanitised URIs in external feed block (XSS) - debian/patches/CVE-2011-2771.dpatch: upstream patch . * SECURITY UPDATE: fix DoS when large or invalid images are uploaded - debian/patches/CVE-2011-2772.dpatch: upstream patch . * SECURITY UPDATE: fix CSRF when adding a user to an institution - debian/patches/CVE-2011-2773.dpatch: upstream patch . * SECURITY UPDATE: prevent masquerading as another user through MNet - debian/patches/mnet_masquerading.dpatch: upstream patch Checksums-Sha1: 214bd17bc556a2d84353c218273ee6cc9b7b7874 1947 mahara_1.0.4-4+lenny11.dsc 236e3e9af05d604ad3aa642526888b1fc7a1ef44 53045 mahara_1.0.4-4+lenny11.diff.gz 60c6c27ef323afcbb6106b8e0ac4f435d815f938 1697860 mahara_1.0.4-4+lenny11_all.deb a23e2580749be652a45003cbd732564e88163a21 8632 mahara-apache2_1.0.4-4+lenny11_all.deb Checksums-Sha256: 82e6c828f92b077e9c5999c687276b4e5334786f62c47e3bc554b346cc65f058 1947 mahara_1.0.4-4+lenny11.dsc b76bfd74381a79773d5558fd8a0f8bb1630ba15330479eff7aade096f42668ef 53045 mahara_1.0.4-4+lenny11.diff.gz 2f8421ed96bae7f5f77ffed3112ec5ccfdd9ca3e9e928297e89b88b7913f59b3 1697860 mahara_1.0.4-4+lenny11_all.deb 970a092df53c1a06c4fb713b9493bd5f5ab891540eebfb0f86866ae5a4b69cc4 8632 mahara-apache2_1.0.4-4+lenny11_all.deb Files: 6b5175042d2daf0d55b908c378eb9121 1947 web optional mahara_1.0.4-4+lenny11.dsc 02b27928b6d18e24489a5d1ee8db9d91 53045 web optional mahara_1.0.4-4+lenny11.diff.gz 8a2a1251c3f2fe83b78ddec1a306591f 1697860 web optional mahara_1.0.4-4+lenny11_all.deb fe195768d15ba47bc63b8e34f23609d8 8632 web optional mahara-apache2_1.0.4-4+lenny11_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCAAGBQJOsgduAAoJEBYoHy4AfJjRhV8P/j4pl6hSIDuBcxvN6fNtdLoe oBGx0FtXf+QCtsC7n0K6Xva6a62l0HkHYvJWuuQmD70QfMVEBgHyz8Rhpo/eF4F6 glxD0IYFfrz2yUAOw2StoSIhiYuVlAAczPhDhXJ4EwfuCuk7+6VEFE3W2KmmOejk K/1B/WBvY5N2BPGJPRFwko5Er2HNbQ0WoiKP0+Q9YOf2E9TZwFpqoyHQfC4d+Xfe 5GNMG9f5UHYDMDriYCyhFEv8epl6ndB8nW96blA4DLhVQDqD+GAPSefanUwwLTXA 95YdW0hANaiDlnNpVIQQrTMIwuQbX7DDRjTpc6MSApTl0Z3/cVsdrLMVqk9P7p66 is651lQ/rHPvhGpAguH4a58Lg/3Owt8xMHpTtjAB+gHSlYLp/RgbbkI2FXKUlOzD ff8fV48Vg0J9xLOTDuUXP6RVqtCCw/2pbTMWT6RZZoS+zPb7yWFGKQrWwvVW+KNB ECaVQPYs9n6Tr0aehKozwziE245dZEXctWxVmHHnnTbXUR8v9hGpAbXv1pCkIfyJ MOdMqA+JciGR+d3CkakEfoS48QftKfY/w6rKQjFewExBEUyTDCPZv/EWy+QczRfJ ZtUFyWMX1T5LxyEmmq1xSaNgpas5VZnyzGuJyxRG9XhoU0FjGCLjeRr3dN8/sQg6 oQoEKBJpd91u8/4NhJg3 =XDAY -----END PGP SIGNATURE----- Accepted: mahara-apache2_1.0.4-4+lenny11_all.deb to main/m/mahara/mahara-apache2_1.0.4-4+lenny11_all.deb mahara_1.0.4-4+lenny11.diff.gz to main/m/mahara/mahara_1.0.4-4+lenny11.diff.gz mahara_1.0.4-4+lenny11.dsc to main/m/mahara/mahara_1.0.4-4+lenny11.dsc mahara_1.0.4-4+lenny11_all.deb to main/m/mahara/mahara_1.0.4-4+lenny11_all.deb