Debian Security Advisory

DSA-2008-1 typo3-src -- several vulnerabilities

Date Reported:

08 Mar 2010

Affected Packages:

typo3-src

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 571151.

More information:

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory.

For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny3.

For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 4.3.2-1.

We recommend that you upgrade your typo3-src package.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:: http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.dsc; http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz; http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.diff.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny3_all.deb; http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny3_all.deb

MD5 checksums of the listed files are available in the original advisory.