-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 09 May 2011 13:59:32 +1200
Source: mahara
Binary: mahara mahara-apache2
Architecture: source all
Version: 1.0.4-4+lenny10
Distribution: oldstable-security
Urgency: high
Maintainer: Mahara Debian Packaging Team <pkg-debian@mahara.org>
Changed-By: Francois Marier <francois@debian.org>
Description: 
 mahara     - Electronic portfolio, weblog, and resume builder
 mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config
Changes: 
 mahara (1.0.4-4+lenny10) oldstable-security; urgency=high
 .
   * SECURITY UPDATE: fixes to session key validation (CSRF)
     - debian/patches/CVE-2011-1403.dpatch: upstream patch
 .
   * SECURITY UPDATE: privilege escalation in admin area
     - debian/patches/CVE-2011-1402.dpatch: upstream patch
 .
   * SECURITY UPDATE: information disclosure in AJAX calls
     - debian/patches/CVE-2011-1404.dpatch: upstream patch
 .
   * SECURITY UPDATE: https to http downgrade
     - debian/patches/CVE-2011-1406.dpatch: upstream patch
Checksums-Sha1: 
 a3bfb77b09d3c5c2af835b79e2c8b1e01382d250 1947 mahara_1.0.4-4+lenny10.dsc
 a5e62e6e5ca7f91120a8b1cec2ecb278e848f23b 51338 mahara_1.0.4-4+lenny10.diff.gz
 745344863f5b622bb9a780163fe8c833837915e8 1643440 mahara_1.0.4-4+lenny10_all.deb
 686c5ac6c16d7bc3faad7db86e22c51dda602bd2 8458 mahara-apache2_1.0.4-4+lenny10_all.deb
Checksums-Sha256: 
 c67e6863dbf3740bba49a88eadc63b92589d535f55969ef5efb1e88920d847f9 1947 mahara_1.0.4-4+lenny10.dsc
 6f4ff848c1d82c91a92f4c9fb1b70eb68759980879c09e0dc15d20052d04645a 51338 mahara_1.0.4-4+lenny10.diff.gz
 e097032e34c96103058b217f0d04a50e337c619ccd171d84b8ca7b3e0d8b4c9f 1643440 mahara_1.0.4-4+lenny10_all.deb
 6cb24e7b5979b320edb769d0587dab584801a080d192dfe663e945b68aadf910 8458 mahara-apache2_1.0.4-4+lenny10_all.deb
Files: 
 e92b603bb33ed208ba576ccd0834e8c9 1947 web optional mahara_1.0.4-4+lenny10.dsc
 2d06c3c4a3cf6510cd138616f4e11378 51338 web optional mahara_1.0.4-4+lenny10.diff.gz
 825c8b7ccfd9b112f46a1eceb81073b2 1643440 web optional mahara_1.0.4-4+lenny10_all.deb
 1583ee116201bcd2dc3c4bd764076378 8458 web optional mahara-apache2_1.0.4-4+lenny10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJNx0s9AAoJEBYoHy4AfJjR2e0P/10fta3YfZAdfgC9h5WtQo1I
0+A0qrWDCJtTqeFrHkEdIYJguxhlm9yf1KUyMT8bQ88Sci3s2TaKk4dkxCRYgX9s
ItmTIiCoGm5EkgRUDCp8NtpSLv8b6IpafmKBeSVQHl0Bn3eCYsPtGSu4rgQhXDgr
psslemsh3+PJAVjtzpr80YxqmW6reZwbt55sIqmsSts1tI464pU9kSj9fRMnFuWp
ynb4CHh3eVnMS220jiLQ13zX8s/9icQXLBwQVOrBFeIKb28XqTLc6ECENZ4G3E5V
sg0p9m+7emRt452c2Hhs0P46csJPH2ycJqOxVsmZsjYDMthAsKFsQWJv77/WMBXo
MqyZ28+/WNE5cDtSjoTo9D1MyeGLhSBFeuDjDLINX1pUAf9rL+CNemRGEcvPWEjO
k9IQZ8vcUwQUzQ2pL3avjtE5HqWQrEz45C05tRIMBYz9ytS7hjaq5RdCBfTQk4Z9
E1gsgPu3x0ChBVgObfOk1dF+0Dsk3yzicCFD/X8fklLOZ9IthwNRNcCRuC28K8fy
nzhfadn7LqGxu/kAy1mpjSsGlllxBXnn+WGLhsGK6ma6GlqOPIEbEynEwyK6jgm5
lEPOda0U1qEGTV4iHh/EA/plQbExbwZgUq12xhnGr3A+ooBn5R5x2J2Ac+j5GPZ3
TLpZdlpca9ojsHLi2AEb
=fF2D
-----END PGP SIGNATURE-----