Candidate: CVE-2012-2239
PublicDate: 2012-11-24 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2239
 https://mahara.org/interaction/forum/topic.php?id=4869
 https://bugs.launchpad.net/mahara/+bug/1047111
Description:
 Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to
 read arbitrary files or create TCP connections via an XML external entity
 (XXE) injection attack, as demonstrated by reading config.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: Hugh Davenport
CVSS:

Patches_mahara:
upstream_mahara: released (1.5.1-3)
hardy_mahara: DNE
lucid_mahara: ignored (reached end-of-life)
oneiric_mahara: ignored (reached end-of-life)
precise_mahara: ignored (reached end-of-life)
precise/esm_mahara: DNE (precise was needed)
quantal_mahara: ignored (reached end-of-life)
raring_mahara: not-affected (1.5.1-3.1)
saucy_mahara: not-affected (1.5.1-3.1)
trusty_mahara: DNE
trusty/esm_mahara: DNE
utopic_mahara: DNE
vivid_mahara: DNE
vivid/stable-phone-overlay_mahara: DNE
vivid/ubuntu-core_mahara: DNE
wily_mahara: DNE
xenial_mahara: DNE
yakkety_mahara: DNE
zesty_mahara: DNE
devel_mahara: DNE