From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: 4.1/branch packages: +2 (7945)
Date: Thu, 7 Oct 2010 01:48:36 +0000
Message-ID: <20101007014836.GA26533@granary.armor.altlinux.org> (raw)
2 UPDATED packages
typo3-dummy - Dummy site for TYPO3
* Wed Oct 06 2010 Michael Shigorin <mike@altlinux> 4.2.15-alt0.M40.1
- 4.2.15
* Fri Aug 06 2010 Michael Shigorin <mike@altlinux> 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
+ several XSS in backend (valid backend login required)
+ open redirection in backend (valid backend login required)
+ SQL injection in some backend record editing forms
(special backend login/configuration required)
+ arbitrary code execution depending on server configuration
(valid backend login required to upload .phtml)
+ webroot path disclosure possible with defective extensions
+ Extension Manager: XSS and arbitrary file access
(valid backend admin login required)
+ form content element data check failure (spam abuse)
+ header injection with jumpurl feature
+ frontend login box: open redirection, XSS
+ install tool: session fixation
+ t3lib_htmlmail includes the exact CMS version in headers
* Sat Jul 04 2009 Michael Shigorin <mike@altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.
typo3_src - A free, feature rich, Content Management Framework/System
* Wed Oct 06 2010 Michael Shigorin <mike@altlinux> 4.2.15-alt0.M40.1
- 4.2.15: critical security fixes, see
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
+ remote file disclosure (no auth required)
+ several XSS in backend (valid backend login required)
+ remote file disclosure in EM (valid backend admin login required)
+ privilege escalation possible for backend user having permission
to create other backend users due to improper user input validation
+ DoS with php crash in t3lib_div::validEmail()
+ XSS protection incomplete in RemoveXSS()
* Fri Aug 06 2010 Michael Shigorin <mike@altlinux> 4.2.14-alt0.M40.1
- 4.2.14
* Sat Jul 04 2009 Michael Shigorin <mike@altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.
Total 7945 source packages.
reply other threads:[~2010-10-07 1:48 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101007014836.GA26533@granary.armor.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git