-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 02 Nov 2011 17:48:42 +1300 Source: mahara Binary: mahara mahara-apache2 mahara-mediaplayer Architecture: source all Version: 1.2.6-2+squeeze3 Distribution: stable-security Urgency: high Maintainer: Mahara Packaging Team Changed-By: Francois Marier Description: mahara - Electronic portfolio, weblog, and resume builder mahara-apache2 - Electronic portfolio, weblog, and resume builder - apache2 config mahara-mediaplayer - Electronic portfolio, weblog, and resume builder - internal media Changes: mahara (1.2.6-2+squeeze3) stable-security; urgency=high . * SECURITY UPDATE: fix unsanitised URIs in external feed block (XSS) - debian/patches/CVE-2011-2771.patch: upstream patch . * SECURITY UPDATE: fix DoS when large or invalid images are uploaded - debian/patches/CVE-2011-2772.patch: upstream patch . * SECURITY UPDATE: fix CSRF when adding a user to an institution - debian/patches/CVE-2011-2773.patch: upstream patch . * SECURITY UPDATE: prevent masquerading as another user through MNet - debian/patches/mnet_masquerading.patch: upstream patch Checksums-Sha1: 24f1c58833d6f48582daf8079eb0579f65a2c356 1962 mahara_1.2.6-2+squeeze3.dsc 9c3743eab70bb28562994b17a0840b5441bc58fb 29701 mahara_1.2.6-2+squeeze3.debian.tar.gz 80077b9215ead75f1c4cac9899a33ec17d95763d 1636316 mahara_1.2.6-2+squeeze3_all.deb 07c37195cef1b362e34327b069d266b2311d867b 12738 mahara-apache2_1.2.6-2+squeeze3_all.deb a71e3ac7fbb4b201f7bb7878542568b3101bd833 448350 mahara-mediaplayer_1.2.6-2+squeeze3_all.deb Checksums-Sha256: edab8fed9ebabc9320280b085a67e57e537bc51eebcb2b1f428d58c7c780bd1e 1962 mahara_1.2.6-2+squeeze3.dsc 7f7e2b4fc995053107ebe951befec873a2bc2a5662c1248bad5ec32b8f68f0a1 29701 mahara_1.2.6-2+squeeze3.debian.tar.gz ee301c1ada63a9fca60dda29802a55d84c85babdcb35fe93c003505bd191eea8 1636316 mahara_1.2.6-2+squeeze3_all.deb 3378cd8adbb76769e44223c4bb2f43e1f952317ce31f5e0ff46677c5582221f6 12738 mahara-apache2_1.2.6-2+squeeze3_all.deb 9731acea50217e9abb4d717aef05928e92486389536ae7c1225eb8e317f19f9a 448350 mahara-mediaplayer_1.2.6-2+squeeze3_all.deb Files: 8eda76b60754a457ecb93cc2491d9818 1962 web optional mahara_1.2.6-2+squeeze3.dsc 833b684bb421f434aeac1c6230eb21e2 29701 web optional mahara_1.2.6-2+squeeze3.debian.tar.gz a7aaae5b3593de90c1bc644983cd0b9d 1636316 web optional mahara_1.2.6-2+squeeze3_all.deb e8e4b1d7ac91f0fdd5d43fe9e1fdcc73 12738 web optional mahara-apache2_1.2.6-2+squeeze3_all.deb ed2f5131bed874a37ba2312e80297187 448350 contrib/web optional mahara-mediaplayer_1.2.6-2+squeeze3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJOsNBIAAoJEBYoHy4AfJjRs+kQAJ5yj9jN5jwMrkTHxmIny/Rc ZdE8Cfl9FqF/asFRgdrFwygO4WLb+I1hTtLamub8I9eZCILXA9le885WMUkGdl16 DVim4zK62WHo75pJQXY31Mc66v1YmeR51hz24SLiD4CG0aDWznRreAMHPINdpvrU 57Gm7jTI3vMcuq2lTpvkHAv8mmooKyQOyRMp422RNJbzdzxBTxmRhX1ppzvNozxA lbYD0ypyxnWkbPq2ddEr8uNn1dMjI0gwZCtXH6NyAXYbMRy9c+XinL1fsxRbap1k YM7KXFRaX7Cj2G1nVdmCtDWJrolc9NlE16wHzEmxc+G60ZW2696pBRo/hx9e/36q F2zJPfrjsmS0DfhVu4yHYEaTSqUx0Ebj1qhtj3+Yu4xw2rPtaA7wRFGr2C9ok2TV DrVXuREDqv54oOYEb6Erj37oqo8F4OMJ861ir9LUt2LZYZH200N221FUrnYhqhv9 F4I7eXZUkdD2HijnqeFIlKZQBPSNDCZM9D6vmy4/aizRgurAxtLmdJOwvmHseSLm Gs2HY8I/doqPymyjIVG5AZW8HPIZibSKOg7QEJaSpcAO0K43j8qgxgJBi8JbrPL1 CTNWXeb3bBZ5N2hVNl/7wklV9muK6HljXU+qgiVGgwTWk0nBrbZfA4XfSsY5psJn vT/2orICFqPSRLDTogfx =mcGv -----END PGP SIGNATURE-----