Re: Security bug in mahara-1.0.4-3: upload to testing-proposed-updates?
Francois Marier wrote:
> (Please CC me on your replies, thanks!)
>
> Hello,
>
> The version of mahara that's in lenny (1.0.4-3) has an XSS vulnerability as
> reported in the release notes:
>
> http://mahara.org/interaction/forum/topic.php?id=198
>
> (no Debian bug or CVE number for it at the moment)
>
> There is a new upstream release (1.0.9) containing these fixes in
> sid. However, given that it contains other non-security changes, I have also
> prepared a patched 1.0.4 version for lenny.
>
> I have attached the very small debdiff between -3 and -4 to this email.
>
> Please let me know whether I should upload 1.0.4-4 to
> testing-proposed-updates or whether you prefer to unblock the package that's
> in sid.
Please upload to testing-proposed-updates.
Cheers
Luk
Reply to: