thr3ads.net - Secure testing team - [Secure-testing-team] Bug#603749: CVE-2010-3871 [Nov 2010]

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2010-Nov-16 22:07 UTC

[Secure-testing-team] Bug#603749: CVE-2010-3871

Package: mahara
Severity: grave
Tags: security

Hi,
please see

http://wiki.mahara.org/Release_Notes/1.3.3 and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3871

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages mahara depends on:
ii  cron                          3.0pl1-114 process scheduling daemon
ii  debconf [debconf-2.0]         1.5.36     Debian configuration management sy
ii  file                          5.04-5     Determines file type using
"magic"
ii  perl                          5.10.1-15  Larry Wall''s Practical
Extraction
pn  php-file                      <none>     (no description available)
pn  php-pear                      <none>     (no description available)
pn  php5-cli                      <none>     (no description available)
pn  php5-gd                       <none>     (no description available)
pn  php5-pgsql | php5-mysql       <none>     (no description available)
pn  smarty                        <none>     (no description available)
ii  ttf-freefont                  20090104-7 Freefont Serif, Sans and Mono True

Versions of packages mahara recommends:
pn  clamav                        <none>     (no description available)
pn  clamav-daemon                 <none>     (no description available)
pn  libfile-slurp-perl            <none>     (no description available)
pn  libtext-diff-perl             <none>     (no description available)
pn  mahara-apache2                <none>     (no description available)
pn  php5-curl                     <none>     (no description available)
pn  php5-imagick                  <none>     (no description available)
pn  php5-xmlrpc                   <none>     (no description available)
pn  postgresql | postgresql-8.3 | <none>     (no description available)

mahara suggests no packages.

Secure testing team - Nov 2010 - Bug#603749: CVE-2010-3871

[Secure-testing-team] Bug#603749: CVE-2010-3871