~ubuntu-branches/ubuntu/lucid/mahara/lucid-security

Viewing all changes in revision 19.

  • Committer: Package Import Robot
  • Author(s): Melissa Draper
  • Date: 2011-11-02 21:26:46 UTC
  • Revision ID: package-import@ubuntu.com-20111102212646-vlu4g4gzrsz00od9
Tags: 1.2.4-1ubuntu0.4
* SECURITY UPDATE: XSS in unvalidated URI attributes
  - Added a filter to sanitise user input URLs (LP: #888358)
  - debian/patches/CVE-2011-2771.patch: upstream patch
  - CVE-2011-2771

* SECURITY UPDATE: DoS attack via invalid or excessively large images
  - Added a check to evaluate available memory before processing
    (LP: #888358)
  - debian/patches/CVE-2011-2772.patch: upstream patch
  - CVE-2011-2772

* SECURITY UPDATE: XSRF allowing attackers to trick an admin into adding 
  them to an institution
  - Session check added (LP: #888358)
  - debian/patches/CVE-2011-2773.patch: upstream patch
  - CVE-2011-2773

* SECURITY UPDATE: Prevent masquerading users from jumping as others
  - Added a check to prevent jumping as other users. (LP: #888358)
  - debian/patches/mnet_masquerading.patch: upstream patch
