[cyber] I: 4.1/branch packages: +2 (7945)

QA Team Robot qa на altlinux.org
Чт Окт 7 01:48:36 UTC 2010


	2 UPDATED packages

typo3-dummy - Dummy site for TYPO3
* Wed Oct 06 2010 Michael Shigorin <mike на altlinux> 4.2.15-alt0.M40.1
- 4.2.15
* Fri Aug 06 2010 Michael Shigorin <mike на altlinux> 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
  + several XSS in backend (valid backend login required)
  + open redirection in backend (valid backend login required)
  + SQL injection in some backend record editing forms
    (special backend login/configuration required)
  + arbitrary code execution depending on server configuration
    (valid backend login required to upload .phtml)
  + webroot path disclosure possible with defective extensions
  + Extension Manager: XSS and arbitrary file access
    (valid backend admin login required)
  + form content element data check failure (spam abuse)
  + header injection with jumpurl feature
  + frontend login box: open redirection, XSS
  + install tool: session fixation
  + t3lib_htmlmail includes the exact CMS version in headers
* Sat Jul 04 2009 Michael Shigorin <mike на altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.

typo3_src - A free, feature rich, Content Management Framework/System
* Wed Oct 06 2010 Michael Shigorin <mike на altlinux> 4.2.15-alt0.M40.1
- 4.2.15: critical security fixes, see
  http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
  + remote file disclosure (no auth required)
  + several XSS in backend (valid backend login required)
  + remote file disclosure in EM (valid backend admin login required)
  + privilege escalation possible for backend user having permission
    to create other backend users due to improper user input validation
  + DoS with php crash in t3lib_div::validEmail()
  + XSS protection incomplete in RemoveXSS()
* Fri Aug 06 2010 Michael Shigorin <mike на altlinux> 4.2.14-alt0.M40.1
- 4.2.14
* Sat Jul 04 2009 Michael Shigorin <mike на altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.

Total 7945 source packages.


Подробная информация о списке рассылки Sisyphus-cybertalk