From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sat, 7 Aug 2010 01:53:26 +0000
From: QA Team Robot
To: sisyphus-cybertalk@lists.altlinux.org
Message-ID: <20100807015326.GA3936@granary.armor.altlinux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [cyber] I: 4.0/branch packages: +2 (6855)
X-BeenThere: sisyphus-cybertalk@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: devel@lists.altlinux.org
List-Id: ALT Linux Sisyphus cybertalk
X-List-Received-Date: Sat, 07 Aug 2010 01:53:26 -0000

2 UPDATED packages

typo3-dummy - Dummy site for TYPO3
* Fri Aug 06 2010 Michael Shigorin 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
  + several XSS in backend (valid backend login required)
  + open redirection in backend (valid backend login required)
  + SQL injection in some backend record editing forms
    (special backend login/configuration required)
  + arbitrary code execution depending on server configuration
    (valid backend login required to upload .phtml)
  + webroot path disclosure possible with defective extensions
  + Extension Manager: XSS and arbitrary file access
    (valid backend admin login required)
  + form content element data check failure (spam abuse)
  + header injection with jumpurl feature
  + frontend login box: open redirection, XSS
  + install tool: session fixation
  + t3lib_htmlmail includes the exact CMS version in headers
* Sat Jul 04 2009 Michael Shigorin 4.2.8-alt0.M40.1

typo3_src - A free, feature rich, Content Management Framework/System
* Fri Aug 06 2010 Michael Shigorin 4.2.14-alt0.M40.1
- 4.2.14
* Sat Jul 04 2009 Michael Shigorin 4.2.8-alt0.M40.1

Total 6855 source packages.