Subject: [DSA 2098-1] New typo3-src packages fix several vulnerabilities
Newsgroups: gmane.linux.debian.user.security.announce
Date: 2010-08-29 10:35:01 GMT (1 year, 38 weeks, 19 hours and 25 minutes ago)
------------------------------------------------------------------------ Debian Security Advisory DSA-2098-1 security <at> debian.org http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq ------------------------------------------------------------------------ Package : typo3-src Vulnerability : several Problem type : local/remote Debian-specific: no CVE Id(s) : not yet available Debian Bug : 590719 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the Typo3 security advisory: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/ For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny4. The testing distribution (squeeze) will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 4.3.5-1. We recommend that you upgrade your typo3-src package. Upgrade instructions -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz Size/MD5 checksum: 8144727 75b2e5db6ac586fb6176f329be452159 http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.dsc Size/MD5 checksum: 1008 018342ba199d8f866382b6791a617831 http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.diff.gz Size/MD5 checksum: 146540 9a2b90a47fd6373863cf43cecbbb53ee Architecture independent packages: http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny4_all.deb Size/MD5 checksum: 133958 4ec08c57f0dc4abb1681e98f403d81de http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny4_all.deb Size/MD5 checksum: 8192390 88cd8939bd4d1c5aad5aa0aa986f8855 These files will probably be moved into the stable distribution on its next update. --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce <at> lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>