[cyber] I: 4.1/branch packages: +2 (7945)
QA Team Robot
qa на altlinux.org
Чт Окт 7 01:48:36 UTC 2010
2 UPDATED packages
typo3-dummy - Dummy site for TYPO3
* Wed Oct 06 2010 Michael Shigorin <mike на altlinux> 4.2.15-alt0.M40.1
- 4.2.15
* Fri Aug 06 2010 Michael Shigorin <mike на altlinux> 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
+ several XSS in backend (valid backend login required)
+ open redirection in backend (valid backend login required)
+ SQL injection in some backend record editing forms
(special backend login/configuration required)
+ arbitrary code execution depending on server configuration
(valid backend login required to upload .phtml)
+ webroot path disclosure possible with defective extensions
+ Extension Manager: XSS and arbitrary file access
(valid backend admin login required)
+ form content element data check failure (spam abuse)
+ header injection with jumpurl feature
+ frontend login box: open redirection, XSS
+ install tool: session fixation
+ t3lib_htmlmail includes the exact CMS version in headers
* Sat Jul 04 2009 Michael Shigorin <mike на altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.
typo3_src - A free, feature rich, Content Management Framework/System
* Wed Oct 06 2010 Michael Shigorin <mike на altlinux> 4.2.15-alt0.M40.1
- 4.2.15: critical security fixes, see
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
+ remote file disclosure (no auth required)
+ several XSS in backend (valid backend login required)
+ remote file disclosure in EM (valid backend admin login required)
+ privilege escalation possible for backend user having permission
to create other backend users due to improper user input validation
+ DoS with php crash in t3lib_div::validEmail()
+ XSS protection incomplete in RemoveXSS()
* Fri Aug 06 2010 Michael Shigorin <mike на altlinux> 4.2.14-alt0.M40.1
- 4.2.14
* Sat Jul 04 2009 Michael Shigorin <mike на altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.
Total 7945 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk