-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 27 Dec 2012 10:37:23 +0000
Source: mahara
Binary: mahara mahara-apache2 mahara-mediaplayer
Architecture: source all
Version: 1.2.6-2+squeeze6
Distribution: stable-security
Urgency: low
Maintainer: Mahara Packaging Team <mahara-packaging@lists.launchpad.net>
Changed-By: Melissa Draper <melissa@catalyst.net.nz>
Description:
 mahara - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
 mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media
Changes:
 mahara (1.2.6-2+squeeze6) stable-security; urgency=low
 .
   * SECURITY UPDATE: Fix XSS in pagination URL
     - debian/patches/CVE-2012-2253.patch: upstream patch
 .
   * SECURITY UPDATE: Disable XML entity parsing to prevent XEE
     - debian/patches/CVE-2012-2239.patch: upstream patch
 .
   * SECURITY UPDATE: Multiple cross-site scripting vulnerabilities
     - Content passed to the error message was not escaped
     - Escape pieform errors displayed to users
     - debian/patches/CVE-2012-2243-0001.patch: upstream patch
     - XHTML files prone to embedded javascript
     - Prevent uploaded xhtml files from displaying verbatim
     - debian/patches/CVE-2012-2243-0002.patch: upstream patch
 .
   * SECURITY UPDATE: Arbitrary file execution via clam path
     - Remove executable bit from existing uploaded files
     - debian/patches/CVE-2012-2244-0001.patch: upstream patch
     - Ensure future files will not be executable
     - debian/patches/CVE-2012-2244-0002.patch: upstream patch
     - Remove direct path option from web configuration
     - debian/patches/CVE-2012-2244-0003.patch: upstream patch
 .
   * SECURITY UPDATE: Prevent click-jacking attacks
     - Add a HTTP header of X-Frame-Options to every page
     - debian/patches/CVE-2012-2246.patch: upstream patch
 .
   * SECURITY UPDATE: Prevent SVG images being displayed
     - SVG images displayed inline
     - Adds SVG files to the list of files to not display by default
     - debian/patches/CVE-2012-2247.patch: upstream patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlDcQ1QACgkQXm3vHE4uylqtlACgqwme/MKapWQwmi+FyxnE9/pT
mW4AoJBQWGoEv4USxaOlTjvzAHKvJVrr
=wZLF
-----END PGP SIGNATURE-----