Date: Thu, 7 Oct 2010 01:48:36 +0000
From: QA Team Robot
To: sisyphus-cybertalk@lists.altlinux.org
Reply-To: devel@lists.altlinux.org
Message-ID: <20101007014836.GA26533@granary.armor.altlinux.org>
Subject: [cyber] I: 4.1/branch packages: +2 (7945)
List-Id: ALT Linux Sisyphus cybertalk

2 UPDATED packages

typo3-dummy - Dummy site for TYPO3

* Wed Oct 06 2010 Michael Shigorin 4.2.15-alt0.M40.1
- 4.2.15

* Fri Aug 06 2010 Michael Shigorin 4.2.14-alt0.M40.1
- 4.2.14: regression fixes for important security fixes in 4.2.13
- 4.2.13: major/medium security fixes:
  + several XSS in backend (valid backend login required)
  + open redirection in backend (valid backend login required)
  + SQL injection in some backend record editing forms
    (special backend login/configuration required)
  + arbitrary code execution depending on server configuration
    (valid backend login required to upload .phtml)
  + webroot path disclosure possible with defective extensions
  + Extension Manager: XSS and arbitrary file access
    (valid backend admin login required)
  + form content element data check failure (spam abuse)
  + header injection with jumpurl feature
  + frontend login box: open redirection, XSS
  + install tool: session fixation
  + t3lib_htmlmail includes the exact CMS version in headers

* Sat Jul 04 2009 Michael Shigorin 4.2.8-alt0.M40.1

Note: changelog entry for 4.2.8-alt0.M41.1 not found.

typo3_src - A free, feature rich, Content Management Framework/System

* Wed Oct 06 2010 Michael Shigorin 4.2.15-alt0.M40.1
- 4.2.15: critical security fixes, see
  http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
  + remote file disclosure (no auth required)
  + several XSS in backend (valid backend login required)
  + remote file disclosure in EM (valid backend admin login required)
  + privilege escalation possible for backend user having permission
    to create other backend users due to improper user input validation
  + DoS with php crash in t3lib_div::validEmail()
  + XSS protection incomplete in RemoveXSS()

* Fri Aug 06 2010 Michael Shigorin 4.2.14-alt0.M40.1
- 4.2.14

* Sat Jul 04 2009 Michael Shigorin 4.2.8-alt0.M40.1

Note: changelog entry for 4.2.8-alt0.M41.1 not found.

Total 7945 source packages.