Package: typo3-src-4.0 Severity: grave Tags: security Justification: user security hole
The TYPO3 developers have discovered a security hole which allows to execute own code in the context of the webserver user. In the same bulletin an issue of cross side scripting is mentioned. More information can be found here: http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/ -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (650, 'testing'), (600, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages typo3-src-4.0 depends on: ii libapache2-mod-php5 5.2.5-3+lenny1 server-side, HTML-embedded scripti ii php5-cgi 5.2.5-3+lenny1 server-side, HTML-embedded scripti ii php5-cli 5.2.5-3+lenny1 command-line interpreter for the p ii ttf-bitstream-vera 1.10-7 The Bitstream Vera family of free Versions of packages typo3-src-4.0 recommends: pn catdoc <none> (no description available) ii exim4 4.69-5 meta-package to ease Exim MTA (v4) ii exim4-daemon-light [mail 4.69-5+b1 lightweight Exim MTA (v4) daemon ii ghostscript-x [gs] 8.62.dfsg.1-2.1 The GPL Ghostscript PostScript/PDF ii graphicsmagick 1.1.11-3+b1 collection of image processing too ii mysql-server 5.0.51a-6 MySQL database server (meta packag ii mysql-server-5.0 [mysql- 5.0.51a-6 MySQL database server binaries pn php4-xcache | php5-xcach <none> (no description available) ii php5-gd 5.2.5-3+lenny1 GD module for php5 ii php5-mysql 5.2.5-3+lenny1 MySQL module for php5 ii poppler-utils [xpdf-util 0.6.4-1 PDF utilitites (based on libpopple pn typo3-dummy <none> (no description available) -- MfG, Christian Welzel GPG-Key: http://www.camlann.de/key.asc Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]