-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 16 Jul 2012 09:37:07 +0000 Source: mahara Binary: mahara mahara-apache2 mahara-mediaplayer Architecture: source all Version: 1.5.1-2 Distribution: unstable Urgency: high Maintainer: Mahara Packaging Team <mahara-packaging@lists.launchpad.net> Changed-By: Melissa Draper <melissa@catalyst.net.nz> Description: mahara - Electronic portfolio, weblog, and resume builder mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media Changes: mahara (1.5.1-2) unstable; urgency=high . * SECURITY UPDATE: Fix multiple cross-site scripting vulnerabilities - Sanitize json-encode login form when injected by js - Sanitize links in links and resources menu - Sanitize file description for blog image editor - Add escaping to user_display_name by adding to dwoo template - debian/patches/CVE-2012-2237-0001.patch: upstream patch - debian/patches/CVE-2012-2237-0002.patch: upstream patch - debian/patches/CVE-2012-2237-0003.patch: upstream patch - debian/patches/CVE-2012-2237-0004.patch: upstream patch Checksums-Sha1: 0e406238f3fdbfc468835e33b57475d16c7df127 2021 mahara_1.5.1-2.dsc 2681509cbe218fdd12e045b03497b25b22a91409 27891 mahara_1.5.1-2.debian.tar.gz e2895b8e6fcc5e69d8fbf3f9a5b1655085881d42 2697730 mahara_1.5.1-2_all.deb c014db039ba6fcde68695fc36fe8252006a46eee 16068 mahara-apache2_1.5.1-2_all.deb 8ea6ae429be3ace6717432db7151da32c39bba3d 458482 mahara-mediaplayer_1.5.1-2_all.deb Checksums-Sha256: ce4d3fe0db01962a91bf42cb472b75afb35d68ea21627020ef991e8cf37ab1c6 2021 mahara_1.5.1-2.dsc 615799296432322d687996484062d9a91ca4c21747795df2c3fb130731e03508 27891 mahara_1.5.1-2.debian.tar.gz 1fc949f44017270b952ebf46e03f094cd6e532b4b3d50c16858923edd136492c 2697730 mahara_1.5.1-2_all.deb 34ba742e9ef4632770fc86268227d9715c8e6187ac63d04942ba0f5dfee0f7f6 16068 mahara-apache2_1.5.1-2_all.deb de9bd0b7cbce68b0554758fc568373b5f5a2aaaca8bc971f3aafe48ecdeff24d 458482 mahara-mediaplayer_1.5.1-2_all.deb Files: ffc619a67633d3a4332aebb577c52110 2021 web optional mahara_1.5.1-2.dsc 368e82389a60313fe76c930929769b00 27891 web optional mahara_1.5.1-2.debian.tar.gz 2227437e4b26d8182fc19b7bdff4ca59 2697730 web optional mahara_1.5.1-2_all.deb 5463fba4893554ffe0487a08b7173247 16068 web optional mahara-apache2_1.5.1-2_all.deb 0af0f238c7de1169e6d8811c726a6de6 458482 contrib/web optional mahara-mediaplayer_1.5.1-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQKOIIAAoJEBYoHy4AfJjRFKYQAK7kKuaqe+jtii2BLxYplmVz QAwhdjmSn7jlnSkh5aLSMrNkSOjwB0Q1tSBuqFLCp49fIBRZvubqCDOhh4V7aWP+ vLKCBJQDmsmfS3NTMxNmU52Vf3JRgL6l9EVotLtrJAADf7UM1p+HrmM9BIHcigDo MNNbbNtIJTfamJun17Y840YMV2dT0rCgYiA1SgTRGB4IbT+Mt+O5SzR/G97rVqJu zQZhdXdfRsLakWuPB1lCSQojoZ2bRZfKzbRGCA9VmjkdnmqFYCP621SlZzW79BiI FYE5UB/kkY/pFM+M4DM64w3Cm459xIJ/B6NhX9Hjru7VaC+pjSWv9Yk+8MNBaDH9 TCbFgtGubWYZhi/2QVrF+LxIz1mYttt1h5NpiwQ6nvWGI/k0kgkiNo85hb18QDtB P+TLb1ZjOxFJpvCigLFGdAAUSUwiS4fIDT0L1D5rOnrmDgnQ3yZqE1CmqGMwPO+8 CUmVKtf4In8tTdC0S3Swb2pz5vpJt3ZJxBq8ox3JEj8tdT5/ookw65qQqd6QLdSp 4VYxYAy3UuHkCUcGf1LXdtwlKud3L9giiGCfGC85u4SCwy0jQF5jPU+nhpKe2iY4 JVD6wLg7z+jfkxZKtfNEvXVviZ4tirSCerjpbyjEA7dsZ7YSuTLoK86pH2RcCFkC OxzfAoDy+Zj+w5sylhc+ =Bk49 -----END PGP SIGNATURE-----