Bug#485814: marked as done (typo3-src-4.0: Security Issue: TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core)

Debian Bug Tracking System Thu, 12 Jun 2008 08:23:30 -0700

Your message dated Thu, 12 Jun 2008 15:17:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#485814: fixed in typo3-src 4.1.7-1
has caused the Debian Bug report #485814,
regarding typo3-src-4.0: Security Issue: TYPO3 Security Bulletin 
TYPO3-20080611-1:  Multiple vulnerabilities in TYPO3 Core
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
485814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485814
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: typo3-src-4.0
Severity: grave
Tags: security
Justification: user security hole


The TYPO3 developers have discovered a security hole which allows to
execute own code in the context of the webserver user.
In the same bulletin an issue of cross side scripting is mentioned.

More information can be found here: 
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages typo3-src-4.0 depends on:
ii  libapache2-mod-php5       5.2.5-3+lenny1 server-side, HTML-embedded scripti
ii  php5-cgi                  5.2.5-3+lenny1 server-side, HTML-embedded scripti
ii  php5-cli                  5.2.5-3+lenny1 command-line interpreter for the p
ii  ttf-bitstream-vera        1.10-7         The Bitstream Vera family of free 

Versions of packages typo3-src-4.0 recommends:
pn  catdoc                   <none>          (no description available)
ii  exim4                    4.69-5          meta-package to ease Exim MTA (v4)
ii  exim4-daemon-light [mail 4.69-5+b1       lightweight Exim MTA (v4) daemon
ii  ghostscript-x [gs]       8.62.dfsg.1-2.1 The GPL Ghostscript PostScript/PDF
ii  graphicsmagick           1.1.11-3+b1     collection of image processing too
ii  mysql-server             5.0.51a-6       MySQL database server (meta packag
ii  mysql-server-5.0 [mysql- 5.0.51a-6       MySQL database server binaries
pn  php4-xcache | php5-xcach <none>          (no description available)
ii  php5-gd                  5.2.5-3+lenny1  GD module for php5
ii  php5-mysql               5.2.5-3+lenny1  MySQL module for php5
ii  poppler-utils [xpdf-util 0.6.4-1         PDF utilitites (based on libpopple
pn  typo3-dummy              <none>          (no description available)

-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/key.asc
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

--- End Message ---

--- Begin Message ---

Source: typo3-src
Source-Version: 4.1.7-1

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-src-4.1_4.1.7-1_all.deb
  to pool/main/t/typo3-src/typo3-src-4.1_4.1.7-1_all.deb
typo3-src_4.1.7-1.diff.gz
  to pool/main/t/typo3-src/typo3-src_4.1.7-1.diff.gz
typo3-src_4.1.7-1.dsc
  to pool/main/t/typo3-src/typo3-src_4.1.7-1.dsc
typo3-src_4.1.7.orig.tar.gz
  to pool/main/t/typo3-src/typo3-src_4.1.7.orig.tar.gz
typo3_4.1.7-1_all.deb
  to pool/main/t/typo3-src/typo3_4.1.7-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <[EMAIL PROTECTED]> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 11 Jun 2008 15:00:00 +0100
Source: typo3-src
Binary: typo3 typo3-src-4.1
Architecture: source all
Version: 4.1.7-1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <[EMAIL PROTECTED]>
Changed-By: Christian Welzel <[EMAIL PROTECTED]>
Description: 
 typo3      - Powerful content management framework (Meta package)
 typo3-src-4.1 - Powerful content management framework (Core)
Closes: 485814
Changes: 
 typo3-src (4.1.7-1) unstable; urgency=high
 .
   [ Christian Welzel ]
   * New upstream release
     - fixes TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
       (Closes: #485814)
 .
   [ Holger Levsen ]
   * Change recommends from gs to ghostscript.
   * Remove obsolete overrides for linda, which is obsolete itself.
   * Fix spelling error in description.
Checksums-Sha1: 
 c942f2fae5317d60a3fe142a9bf6577d35c2fbe1 980 typo3-src_4.1.7-1.dsc
 d47d6d378168f3968b2ec1788fea2bffddb3b68a 7784867 typo3-src_4.1.7.orig.tar.gz
 568ff439fb6f3fdaffaa4fb634169f0dad29f54d 106247 typo3-src_4.1.7-1.diff.gz
 232e0e3f9f5e28f0dccba0243098326b581e9ba9 92040 typo3_4.1.7-1_all.deb
 647566f78f670c48c0bfcb0884a77c525ec82a86 7883672 typo3-src-4.1_4.1.7-1_all.deb
Checksums-Sha256: 
 78da9636e94620847ad0b31684d3d8af096f89d593a6250540d48343ef354af4 980 
typo3-src_4.1.7-1.dsc
 77187dbccd9f14f8a771012e6fe39207b4f4e0c0a606e4f1ca4a5679d18b5fd7 7784867 
typo3-src_4.1.7.orig.tar.gz
 743699f0052f8378da50155b2e6192f211ecb2a19d36cf5e196770ff9a4b5fc4 106247 
typo3-src_4.1.7-1.diff.gz
 da8b7a4406914c906bb8e9ef1798cf2e9597ef27d55cb8d27ab9ba5a8377988d 92040 
typo3_4.1.7-1_all.deb
 9c1301c622ef84634676148a36715b4148b198be73d77288e11ed44f5f8ce351 7883672 
typo3-src-4.1_4.1.7-1_all.deb
Files: 
 d0cfe7079e4ac84c19ad4d309422c18c 980 web optional typo3-src_4.1.7-1.dsc
 1df66c9ed06cbdcd06894c7105693e9b 7784867 web optional 
typo3-src_4.1.7.orig.tar.gz
 0daa6875ded59538bd33cf91a0c35513 106247 web optional typo3-src_4.1.7-1.diff.gz
 f0cd5b34cfffcf900f3bdb2210cbbac9 92040 web optional typo3_4.1.7-1_all.deb
 6a7fa13b41ba348d80e639718e278616 7883672 web optional 
typo3-src-4.1_4.1.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIUTomUHLQNqxYNSARAjbGAJ9z7cmI10+tYshBfSsPEsutFKxChgCg08sx
ypFhSX6sqBFk6D23o9jAZPs=
=+b7d
-----END PGP SIGNATURE-----

--- End Message ---

Bug#485814: marked as done (typo3-src-4.0: Security Issue: TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core)

Reply via email to