Debian Linux Security Advisory 2030-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names.
6866dfabf9db4a4401fe1c5cef6f5ee15f979ece647c529e81cfe7c90de99c80