Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Oct 2013 14:18:48 +0200
From: Raphael Geissert <>
Subject: Re: CVE request: mahara 1.7.3

So, the commits...

On 8 October 2013 12:16, Raphael Geissert <> wrote:
> Hi,
> Multiple vulnerabilities have been discovered and fixed in the 1.7.3
> release of Mahara:
> From [1]
>> * Bug #1211758 Arbitrary image download

>> * Bug #1175446 user supplied $_SERVER['HTTP_HOST'] can be used for injections

>> * Bug #1233500 Not checking ownership of blocks before editing them

And while at I found the following:

Which doesn't appear to be mentioned in the changelog, but the bug
report clearly states it was meant to be handled as a security issue.

Raphael Geissert - Debian Developer -

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.