(please CC me on replies, I'm not on this list) Hi, I just want to report that this issue: http://security-tracker.debian.org/tracker/CVE-2009-2171 does not apply to the 1.0 series of Mahara, as mentioned on the upstream advisory: http://mahara.org/interaction/forum/topic.php?id=753 So the lenny version of Mahara, 1.0.4-4+lenny3, should not be marked as vulnerable. Cheers, Francois
Attachment:
signature.asc
Description: Digital signature