From: QA Team Robot <qa@altlinux.org> To: sisyphus-cybertalk@lists.altlinux.org Subject: [cyber] I: 5.1/branch packages: +1! +2 (9613) Date: Tue, 3 Aug 2010 01:38:37 +0000 Message-ID: <20100803013837.GA2012@granary.armor.altlinux.org> (raw) 1 ADDED package wildmidi - WildMidi Open Source Midi Sequencer * Mon Aug 02 2010 Motsyo Gennadi <drool@altlinux> 0.2.3.3-alt0.M51.2 - fix build for /etc/timidity.cfg * Mon Aug 02 2010 Motsyo Gennadi <drool@altlinux> 0.2.3.3-alt0.M51.1 - build for M51 * Wed Jul 14 2010 Fr. Br. George <george@altlinux> 0.2.3.3-alt1 2 UPDATED packages typo3-dummy - Dummy site for TYPO3 * Sun Aug 01 2010 Michael Shigorin <mike@altlinux> 4.3.4-alt1 - 4.3.4 * Tue Feb 23 2010 Michael Shigorin <mike@altlinux> 4.3.2-alt1 - 4.3.2 * Thu Jan 14 2010 Michael Shigorin <mike@altlinux> 4.3.1-alt1 - 4.3.1 * Mon Nov 30 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt1 - 4.3.0 * Sun Oct 25 2009 Michael Shigorin <mike@altlinux> 4.2.10-alt1 typo3_src - A free, feature rich, Content Management Framework/System [12M] * Sun Aug 01 2010 Michael Shigorin <mike@altlinux> 4.3.4-alt1 - 4.3.4: major/medium security fixes: + several XSS in backend (valid backend login required) + open redirection in backend (valid backend login required) + SQL injection in some backend record editing forms (special backend login/configuration required) + arbitrary code execution depending on server configuration (valid backend login required to upload .phtml) + webroot path disclosure possible with defective extensions + Extension Manager: XSS and arbitrary file access (valid backend admin login required) + user auth, "forgot password": PHP insecure randomness + form content element data check failure (spam abuse) + header injection with jumpurl feature + frontend login box: open redirection, XSS + install tool: session fixation + extbase XSS possible with FLUID Templating Engine + t3lib_htmlmail includes the exact CMS version in headers * Tue Feb 23 2010 Michael Shigorin <mike@altlinux> 4.3.2-alt1 - 4.3.2: major/medium security fixes (no CVE so far) + frontend login: possible auth bypass using a hash *if* "saltedpasswords" is enabled *and* several auth services are configured + frontend: possible CSS if running on php-cgi + backend: possible XSSes (valid backend login required) + backend: information disclosure with specific sys_action setup (valid backend login required) + https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/ * Thu Jan 14 2010 Michael Shigorin <mike@altlinux> 4.3.1-alt1 - 4.3.1: major security fix for "openid" system extension (possible backend user authentication bypass if it's enabled): http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/ * Sun Dec 13 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt2 - gzip ChangeLog (repocop) * Mon Nov 30 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt1 - 4.3.0: new and improved series, see also https://typo3.org/download/release-notes/typo3-43/ - /usr/share/typo3_src-$major.$minor symlink to ease deployment and upgrade throughout patchlevel series * Sun Oct 25 2009 Michael Shigorin <mike@altlinux> 4.2.10-alt1 Total 9613 source packages.
reply other threads:[~2010-08-03 1:38 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20100803013837.GA2012@granary.armor.altlinux.org \ --to=qa@altlinux.org \ --cc=devel@lists.altlinux.org \ --cc=sisyphus-cybertalk@lists.altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \ sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com public-inbox-index sisyphus-cybertalk Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk AGPL code for this site: git clone https://public-inbox.org/public-inbox.git