Debian Security Advisory
DSA-2098-1 typo3-src -- several vulnerabilities
- Date Reported:
- 29 Aug 2010
- Affected Packages:
- typo3-src
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 590719.
- More information:
-
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the Typo3 security advisory.
For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny4.
The testing distribution (squeeze) will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 4.3.5-1.
We recommend that you upgrade your typo3-src package.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.dsc
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.diff.gz
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.dsc
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny4_all.deb
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny4_all.deb
- http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny4_all.deb
MD5 checksums of the listed files are available in the original advisory.