* [cyber] I: 5.1/branch packages: +1! +2 (9613)
@ 2010-08-03 1:38 QA Team Robot
0 siblings, 0 replies; only message in thread
From: QA Team Robot @ 2010-08-03 1:38 UTC (permalink / raw)
To: sisyphus-cybertalk
1 ADDED package
wildmidi - WildMidi Open Source Midi Sequencer
* Mon Aug 02 2010 Motsyo Gennadi <drool@altlinux> 0.2.3.3-alt0.M51.2
- fix build for /etc/timidity.cfg
* Mon Aug 02 2010 Motsyo Gennadi <drool@altlinux> 0.2.3.3-alt0.M51.1
- build for M51
* Wed Jul 14 2010 Fr. Br. George <george@altlinux> 0.2.3.3-alt1
2 UPDATED packages
typo3-dummy - Dummy site for TYPO3
* Sun Aug 01 2010 Michael Shigorin <mike@altlinux> 4.3.4-alt1
- 4.3.4
* Tue Feb 23 2010 Michael Shigorin <mike@altlinux> 4.3.2-alt1
- 4.3.2
* Thu Jan 14 2010 Michael Shigorin <mike@altlinux> 4.3.1-alt1
- 4.3.1
* Mon Nov 30 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt1
- 4.3.0
* Sun Oct 25 2009 Michael Shigorin <mike@altlinux> 4.2.10-alt1
typo3_src - A free, feature rich, Content Management Framework/System [12M]
* Sun Aug 01 2010 Michael Shigorin <mike@altlinux> 4.3.4-alt1
- 4.3.4: major/medium security fixes:
+ several XSS in backend (valid backend login required)
+ open redirection in backend (valid backend login required)
+ SQL injection in some backend record editing forms
(special backend login/configuration required)
+ arbitrary code execution depending on server configuration
(valid backend login required to upload .phtml)
+ webroot path disclosure possible with defective extensions
+ Extension Manager: XSS and arbitrary file access
(valid backend admin login required)
+ user auth, "forgot password": PHP insecure randomness
+ form content element data check failure (spam abuse)
+ header injection with jumpurl feature
+ frontend login box: open redirection, XSS
+ install tool: session fixation
+ extbase XSS possible with FLUID Templating Engine
+ t3lib_htmlmail includes the exact CMS version in headers
* Tue Feb 23 2010 Michael Shigorin <mike@altlinux> 4.3.2-alt1
- 4.3.2: major/medium security fixes (no CVE so far)
+ frontend login: possible auth bypass using a hash
*if* "saltedpasswords" is enabled
*and* several auth services are configured
+ frontend: possible CSS if running on php-cgi
+ backend: possible XSSes (valid backend login required)
+ backend: information disclosure with specific
sys_action setup (valid backend login required)
+ https://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/
* Thu Jan 14 2010 Michael Shigorin <mike@altlinux> 4.3.1-alt1
- 4.3.1: major security fix for "openid" system extension
(possible backend user authentication bypass if it's enabled):
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
* Sun Dec 13 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt2
- gzip ChangeLog (repocop)
* Mon Nov 30 2009 Michael Shigorin <mike@altlinux> 4.3.0-alt1
- 4.3.0: new and improved series, see also
https://typo3.org/download/release-notes/typo3-43/
- /usr/share/typo3_src-$major.$minor symlink to ease deployment
and upgrade throughout patchlevel series
* Sun Oct 25 2009 Michael Shigorin <mike@altlinux> 4.2.10-alt1
Total 9613 source packages.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-08-03 1:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-03 1:38 [cyber] I: 5.1/branch packages: +1! +2 (9613) QA Team Robot
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git