Security Information / 2014 / Security Information -- DSA-2834-1 typo3-src

Debian Security Advisory

DSA-2834-1 typo3-src -- several vulnerabilities

Date Reported:

01 Jan 2014

Affected Packages:

typo3-src

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 731999.
In Mitre's CVE dictionary: CVE-2013-7073, CVE-2013-7074, CVE-2013-7075, CVE-2013-7076, CVE-2013-7078, CVE-2013-7079, CVE-2013-7080, CVE-2013-7081.

More information:

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.

For the oldstable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze9.

For the stable distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5+wheezy2.

For the testing distribution (jessie), these problems have been fixed in version 4.5.32+dfsg1-1.

For the unstable distribution (sid), these problems have been fixed in version 4.5.32+dfsg1-1.

We recommend that you upgrade your typo3-src packages.