Bug#831935: libjs-swfobject: FTBFS with dpkg-buildpackage -A: dh_install: missing files, aborting

2016-08-10 Thread Christian Welzel
On 23.07.2016 at 13:15, Santiago Vila wrote: Patch attached. I prepared a new package. This can be found on mentors, because I cannot upload myself. You can find it here: https://mentors.debian.net/debian/pool/main/libj/libjs-swfobject/libjs-swfobject_2.2+dfsg-2.dsc -- Best regards, Christian

Bug#831922: libjs-swfupload: FTBFS with dpkg-buildpackage -A: dh_install: missing files, aborting

2016-08-05 Thread Christian Welzel
+ds2-1.dsc and upload for me, if all is good. -- Best regards, Christian Welzel GPG-Key: pub 4096R/5117E119 2011-09-19 Fingerprint: 3688 337C 0D3E 3725 94EC E401 8D52 CDE9 5117 E119

Bug#803291: prepare for giflib5

2016-01-04 Thread Christian Welzel
On 02.01.2016 at 10:27, Matthias Klose wrote: any update on this? Uploaded a new version to m.d.n but cannot upload to archive. See here for more information: http://mentors.debian.net/package/swftools

Bug#803291: prepare for giflib5

2015-12-15 Thread Christian Welzel

Bug#766502: TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS

2014-10-23 Thread Christian Welzel
TYPO3 installation the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to sendmail. Installations with the default configuration are not affected.

Bug#749215: TYPO3-CORE-SA-2014-001: Multiple Vulnerabilities in TYPO3 CMS

2014-05-25 Thread Christian Welzel
access are stored as md5 hash in the database. This hash (e.g. taken from a successful SQL injection) can be used directly to authenticate backend users without knowing or reverse engineering the password.

Bug#732651: Please remove t1lib dependency

2014-03-04 Thread Christian Welzel
, Christian Welzel GPG-Key: pub 4096R/5117E119 2011-09-19 Fingerprint: 3688 337C 0D3E 3725 94EC E401 8D52 CDE9 5117 E119 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#720194: TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core

2013-08-19 Thread Christian Welzel
/I:C/A:C/E:F/RL:O/RC:C CVE: CVE-2013-4250

Bug#710512: typo3-dummy: fails to install, probably caused by apache 2.4 transition

2013-06-01 Thread Christian Welzel
, but only the package apache2-bin. That's why the script apache2-maintscript-helper is not found,

Bug#710512: typo3-dummy: fails to install, probably caused by apache 2.4 transition

2013-06-01 Thread Christian Welzel
-maintscript-helper is not found, No, there is no dependency on apache2: Yes, wrong wording. The problem is on another part of the script. See Arno's message.

Bug#710512: typo3-dummy: fails to install, probably caused by apache 2.4 transition

2013-06-01 Thread Christian Welzel
and the apache2.2 code would wrongly be skipped, wouldn't it?

Bug#702574: TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in TYPO3 Core

2013-03-08 Thread Christian Welzel
: lookup more information on http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ -- Best regards, Christian Welzel GPG-Key: http://www.camlann.de/de/pgpkey.html Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

Bug#698631: typo3-src: diff for NMU version 4.5.19+dfsg1-4.1

2013-01-30 Thread Christian Welzel

Bug#591969: Bug#695158: Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src

2012-12-06 Thread Christian Welzel
, but hopefully 6.0 will be in the archive then and this bug can be closed. As I wrote: 6.0 added an even bigger chunk of AS3 code which cannot be compiled without flex-sdk.

Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src

2012-12-05 Thread Christian Welzel
not removing the package would be a better idea? Perhaps this is the better choice, as most new TYPO3 projects will use 6.0 or newer. I think many of the currently running installations are 4.6 or 4.7, and only a minority is at 4.5 currently.

Bug#692775: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core

2012-11-08 Thread Christian Welzel
v2.0: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:P/RL:O/RC:C Problem Description: Failing to properly encode user input, the function menu API is susceptible to Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Bug#690236: libjs-swfupload ftbfs in testing/unstable on i386

2012-10-18 Thread Christian Welzel
tags 690236 pending tags 690237 pending Segmentation fault (core dumped) make: *** [build] Error 139 A fixed version of swftools was uploaded to mentors.d.n.

Bug#685011: TYPO3-CORE-SA-2012-004: Several Vulnerabilities in TYPO3 Core

2012-08-15 Thread Christian Welzel
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C Problem Description: Failing to properly sanitize user input, the Install Tool is susceptible to Cross-Site Scripting.

Bug#681323: libjs-swfupload: XSS via ExternalInterface.call

2012-07-12 Thread Christian Welzel
Package: libjs-swfupload Version: 2.2.0.1+ds1-1 Severity: grave Tags: security Justification: user security hole Dear Maintainer, libjs-swfupload contains an XSS security vulnerability that allows attackers to inject javascript code into the context of the current webpage. As a Flash applet can be

Bug#591969: status

2012-06-04 Thread Christian Welzel
On 04.06.2012 12:55, Holger Levsen wrote: On Sunday, 3 June 2012, Christian Welzel wrote: These files directly correlate to some of TYPO3 content elements. Removing the swf would mean to patch TYPO3 core too. so you would like to get this bug tagged wheezy-ignore again? If that's

Bug#591969: status

2012-06-03 Thread Christian Welzel
too.

Bug#591969: status

2012-06-02 Thread Christian Welzel
This is AS3, but as3compile cannot compile it because of missing features in as3compile. Source code is included in source package.

Bug#669158: TYPO3-CORE-SA-2012-002: Cross-Site Scripting Vulnerability in TYPO3 Core

2012-04-17 Thread Christian Welzel
they are presented.

Bug#666074: TYPO3 Security Bulletin TYPO3-CORE-SA-2012-001: Several Vulnerabilities in TYPO3 Core

2012-03-28 Thread Christian Welzel
crafted HTML injections, thus is susceptible to Cross-Site Scripting.

Bug#652365: TYPO3 Security Bulletin TYPO3-CORE-SA-2011-004: Remote Code Execution in TYPO3 Core

2011-12-16 Thread Christian Welzel
will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

Bug#651128: Wrong symbolic link

2011-12-13 Thread Christian Welzel
On 07.12.2011 08:50, Andreas Rittershofer wrote: The problem is caused due to a wrong symbolic link to prototype.js. After correcting this symbolic link, TYPO3 runs fine. What exactly caused that wrong symlink? My tests worked well and all symlinks are correct.

Bug#641682: TYPO3 Security Bulletin TYPO3-CORE-SA-2011-002: Potential SQL injection vulnerability in TYPO3 Core

2011-09-15 Thread Christian Welzel

Bug#641683: TYPO3 Security Bulletin TYPO3-CORE-SA-2011-003: Improper error handling could lead to cache flooding in TYPO3 Core

2011-09-15 Thread Christian Welzel
an attacker to easily flood the caching tables of TYPO3.

Bug#635937: TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple vulnerabilities in TYPO3 Core

2011-07-29 Thread Christian Welzel
is not applied on ExtDirect calls. This allows arbitrary BE users to consume any available ExtDirect endpoint service.

Bug#607286: TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple vulnerabilities in TYPO3 Core

2010-12-16 Thread Christian Welzel
escapeStrForLike() is failing to properly quote user input, making it possible to inject wildcards into a LIKE query. This could potentially disclose a set of records that are meant to be kept in secret.

Bug#606790: typo3-dummy: package fails to upgrade properly from lenny

2010-12-15 Thread Christian Welzel
know the cause) and that leads to the failure that dbconfig-common cannot set up the database. Please make sure that mysql-server is running when typo3-database is configured and try again.

Bug#591969: status update?

2010-12-09 Thread Christian Welzel
typo3-svn. player.swf came from pixelout player 1.2. All actionscript 3 code is not buildable within debian because debian has no as3 compiler. Perhaps flex-sdk will be available in some time (see #602499) but until then no as3-swf can be built from source.

Bug#602250: typo3-src-4.3: jsmin.php is non-DFSG

2010-11-04 Thread Christian Welzel
Thank you in advance. Sure this doesn't suffice to be a license change, does it? I asked him to change the license more officially on his website and now I'm waiting for some reply.

Bug#599334: TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple vulnerabilities in TYPO3 Core

2010-10-06 Thread Christian Welzel
/A:N/E:F/RL:OF/RC:C Problem Description: The normalisation feature of the RemoveXSS function was incomplete, allowing an attacker to inject arbitrary JavaScript code.

Bug#591969: typo3-src: does not build .swf files from source

2010-09-02 Thread Christian Welzel
in the world has them).

Bug#590719: TYPO3 Security Bulletin TYPO3-SA-2010-012: Multiple vulnerabilities in TYPO3 Core

2010-07-28 Thread Christian Welzel
installation in the mail header.

Bug#552020: TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core

2009-10-22 Thread Christian Welzel
.org/teams/security/security-bulletins/typo3-sa-2009-016/ -- Best regards, Christian Welzel GPG-Key: http://www.camlann.de/key.asc Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

Bug#514713: Information disclosure and XSS vulnerabilities in TYPO3

2009-02-10 Thread Christian Welzel
to exploit this vulnerability. The vulnerability allows reading any file the web server user account has access to. Problem Description 2: Failing to sanitize user input, three fields in the backend are open to Cross-Site Scripting (XSS).

Bug#514713: Information disclosure and XSS vulnerabilities in TYPO3

2009-02-10 Thread Christian Welzel
-src_4.0.2+debian-8.dsc

Bug#512626: typo3-dummy: typo3 cannot send emails

2009-01-22 Thread Christian Welzel
Package: typo3-dummy Version: 4.2.3-1 Severity: grave Justification: renders package unusable The config set by apache.conf includes the wrong value for the sendmail_path php_value. Thereby sendmail does not accept emails sent by typo3 core. -- System Information: Debian Release: 5.0 APT

Bug#512624: typo3-dummy: Safe-Mode breaks access to javascript libraries

2009-01-22 Thread Christian Welzel
Package: typo3-dummy Version: 4.2.3 Severity: grave Justification: renders package unusable In PHP safe mode, the backend of typo3 cannot access the javascript libraries. This is because these libraries are symlinked to /usr/share/... but these directories are missing in the open_basedir setting.

Bug#505325: (no subject)

2008-11-13 Thread Christian Welzel
This bug is now officially announced as TYPO3 Security Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core See this url for more information: http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/

Bug#505324: (no subject)

2008-11-13 Thread Christian Welzel
This bug is now officially announced as TYPO3 Security Bulletin TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core See this url for more information: http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/

Bug#505324: typo3-src: Cross-Site Scripting (XSS) in BE module fileadmin

2008-11-11 Thread Christian Welzel
Package: typo3-src Version: 4.2.2 Severity: grave Tags: security Justification: user security hole the version 4.2.2 of typo3 is vulnerable to an xss attack in the backend module fileadmin. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (650, 'testing'), (600,

Bug#505325: typo3-src-4.2: Cross-Site Scripting (XSS) in sysext felogin

2008-11-11 Thread Christian Welzel
Package: typo3-src-4.2 Version: 4.2.0 4.2.1 4.2.2 Severity: grave Tags: security Justification: user security hole typo3 backend is vulnerable to an xss attack in the system extension felogin which handles frontend user logins to restricted areas of a webpage. -- System Information: Debian

Bug#505326: typo3-src: User account passwords cannot be changed in backend

2008-11-11 Thread Christian Welzel
Package: typo3-src Version: 4.2.1 4.2.2 Severity: grave Justification: renders package unusable This bug replaces all content entered into a password field in the backend by the string unknown. This leads to the problem, that passwords cannot be changed anymore by users or admins. -- System

Bug#485814: Patch

2008-06-12 Thread Christian Welzel
Here is the patch to this issue. 04-SecBull-TYPO3-20080611-1.dpatch Description: application/shellscript

Bug#485814: typo3-src-4.0: Security Issue: TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

2008-06-11 Thread Christian Welzel
5.2.5-3+lenny1 MySQL module for php5 ii poppler-utils [xpdf-util 0.6.4-1 PDF utilitites (based on libpopple pn typo3-dummy none (no description available)

Bug#403419: typo3-src-4.0: Completely broken: Cannot find tslib/

2006-12-17 Thread Christian Welzel
On Sunday, 17 December 2006 01:11, clayton wrote: Cannot find tslib/. Please set path by defining $configured_tslib_path in index.php. Check if the link /var/lib/typo3-dummy/typo3_src points to /usr/share/typo3/typo3_src-4.0 . If not, change that link accordingly.

Bug#397458: Won't fix that bugs

2006-12-16 Thread Christian Welzel
Hi there! As the package typo3-site-installer is to be removed from the debian archive completely, I will not fix those bug reports. Please see bug #398576 for reasons.

Bug#310742: while updating the pdns package, the file /etc/powerdns/pdns.conf is overwritten without question.

2005-05-25 Thread Christian Welzel
Package: pdns Version: 2.9.17-12 Severity: critical Justification: causes serious data loss during update of the packages the installer overwrites the /etc/powerdns/pdns.conf file which is the main config file of powerdns. this is not a problem when using the prebuilt packages from sarge. but

Bug#310742: please help to reproduce

2005-05-25 Thread Christian Welzel
. but the installer overwrote the config file without asking me or doing a backup. so all my handmade sql-queries were deleted. you should make the pdns-package to not overwrite the config file, if it is not the original one. thanks. -- Best regards, Christian Welzel (Section Chairman and Admin, AG DSN