From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: 4.1/branch packages: +2 (7945)
Date: Thu, 7 Oct 2010 01:48:36 +0000
Message-ID: <20101007014836.GA26533@granary.armor.altlinux.org>

2 UPDATED packages

typo3-dummy - Dummy site for TYPO3
* Wed Oct 06 2010 Michael Shigorin <mike@altlinux> 4.2.15-alt0.M40.1
- 4.2.15
* Fri Aug 06 2010 Michael Shigorin <mike@altlinux> 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
  + several XSS in backend (valid backend login required)
  + open redirection in backend (valid backend login required)
  + SQL injection in some backend record editing forms
    (special backend login/configuration required)
  + arbitrary code execution depending on server configuration
    (valid backend login required to upload .phtml)
  + webroot path disclosure possible with defective extensions
  + Extension Manager: XSS and arbitrary file access
    (valid backend admin login required)
  + form content element data check failure (spam abuse)
  + header injection with jumpurl feature
  + frontend login box: open redirection, XSS
  + install tool: session fixation
  + t3lib_htmlmail includes the exact CMS version in headers
* Sat Jul 04 2009 Michael Shigorin <mike@altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.

typo3_src - A free, feature rich, Content Management Framework/System
* Wed Oct 06 2010 Michael Shigorin <mike@altlinux> 4.2.15-alt0.M40.1
- 4.2.15: critical security fixes, see
  http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
  + remote file disclosure (no auth required)
  + several XSS in backend (valid backend login required)
  + remote file disclosure in EM (valid backend admin login required)
  + privilege escalation possible for backend user having permission
    to create other backend users due to improper user input validation
  + DoS with php crash in t3lib_div::validEmail()
  + XSS protection incomplete in RemoveXSS()
* Fri Aug 06 2010 Michael Shigorin <mike@altlinux> 4.2.14-alt0.M40.1
- 4.2.14
* Sat Jul 04 2009 Michael Shigorin <mike@altlinux> 4.2.8-alt0.M40.1
Note: changelog entry for 4.2.8-alt0.M41.1 not found.

Total 7945 source packages.