-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2008-1                  security@xxxxxxxxxx
http://www.debian.org/security/                       Moritz Muehlenhoff
March 08, 2010                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : not yet available
Debian Bug     : 571151

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework: Cross-site scripting vulnerabilities have
been discovered in both the frontend and the backend. Also, user data
could be leaked. More details can be found in the Typo3 security
advisory:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/

For the stable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny3.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version 4.3.2-1.

We recommend that you upgrade your typo3-src package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386,
ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.dsc
    Size/MD5 checksum:     1008 2b5fae60fae3e6a6aac0abab77878aab
  http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
    Size/MD5 checksum:  8144727 75b2e5db6ac586fb6176f329be452159
  http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.diff.gz
    Size/MD5 checksum:   128331 a6c5d19786ea0cb438dca15a5e4cd03d

Architecture independent packages:

  http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny3_all.deb
    Size/MD5 checksum:  8201908 b9597dd425a73b6cb89bdc3724fcb02f
  http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny3_all.deb
    Size/MD5 checksum:   133890 7322ee4dbabfb7b8a9ad34541a750777


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuVhQgACgkQXm3vHE4uylo4xgCgohzOaLUcU4En9DQynWda8gOP
SrUAniZckHE8wYFiYdCB4ukcJY4dWCqB
=KtlY
-----END PGP SIGNATURE-----