• [SECURITY] [DSA 2467-1] mahara security update

    From Thijs Kinkhorst@1:229/2 to All on Wed May 9 19:50:04 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2467-1                   [email protected]
    http://www.debian.org/security/                           Thijs Kinkhorst
    May 09, 2012                           http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : mahara
    Vulnerability : insecure defaults
    Problem type : remote
    Debian-specific: no

    It was discovered that Mahara, the portfolio, weblog, and resume builder,
    had an insecure default with regard to SAML-based authentication used
    with more than one SAML identity provider (IdP). Someone with control
    over one IdP could impersonate users from other IdPs.

    For the stable distribution (squeeze), this problem has been fixed in
    version 1.2.6-2+squeeze4.

    For the testing distribution (wheezy) and unstable distribution (sid),
    this problem has been fixed in version 1.4.2-1.

    We recommend that you upgrade your mahara packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]



    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)