Your message dated Thu, 10 Jul 2008 19:52:21 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#485814: fixed in typo3-src 4.0.2+debian-5
has caused the Debian Bug report #485814,
regarding typo3-src-4.0: Security Issue: TYPO3 Security Bulletin
TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
485814: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485814
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: typo3-src-4.0
Severity: grave
Tags: security
Justification: user security hole
The TYPO3 developers have discovered a security hole which allows to
execute own code in the context of the webserver user.
In the same bulletin an issue of cross side scripting is mentioned.
More information can be found here:
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages typo3-src-4.0 depends on:
ii libapache2-mod-php5 5.2.5-3+lenny1 server-side, HTML-embedded scripti
ii php5-cgi 5.2.5-3+lenny1 server-side, HTML-embedded scripti
ii php5-cli 5.2.5-3+lenny1 command-line interpreter for the p
ii ttf-bitstream-vera 1.10-7 The Bitstream Vera family of free
Versions of packages typo3-src-4.0 recommends:
pn catdoc <none> (no description available)
ii exim4 4.69-5 meta-package to ease Exim MTA (v4)
ii exim4-daemon-light [mail 4.69-5+b1 lightweight Exim MTA (v4) daemon
ii ghostscript-x [gs] 8.62.dfsg.1-2.1 The GPL Ghostscript PostScript/PDF
ii graphicsmagick 1.1.11-3+b1 collection of image processing too
ii mysql-server 5.0.51a-6 MySQL database server (meta packag
ii mysql-server-5.0 [mysql- 5.0.51a-6 MySQL database server binaries
pn php4-xcache | php5-xcach <none> (no description available)
ii php5-gd 5.2.5-3+lenny1 GD module for php5
ii php5-mysql 5.2.5-3+lenny1 MySQL module for php5
ii poppler-utils [xpdf-util 0.6.4-1 PDF utilitites (based on libpopple
pn typo3-dummy <none> (no description available)
--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
--- End Message ---
--- Begin Message ---
Source: typo3-src
Source-Version: 4.0.2+debian-5
We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:
typo3-src-4.0_4.0.2+debian-5_all.deb
to pool/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-5_all.deb
typo3-src_4.0.2+debian-5.diff.gz
to pool/main/t/typo3-src/typo3-src_4.0.2+debian-5.diff.gz
typo3-src_4.0.2+debian-5.dsc
to pool/main/t/typo3-src/typo3-src_4.0.2+debian-5.dsc
typo3_4.0.2+debian-5_all.deb
to pool/main/t/typo3-src/typo3_4.0.2+debian-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Welzel <[EMAIL PROTECTED]> (supplier of updated typo3-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 12 Jun 2008 11:54:00 +0200
Source: typo3-src
Binary: typo3 typo3-src-4.0
Architecture: source all
Version: 4.0.2+debian-5
Distribution: stable-security
Urgency: high
Maintainer: Christian Welzel <[EMAIL PROTECTED]>
Changed-By: Christian Welzel <[EMAIL PROTECTED]>
Description:
typo3 - Powerful content management framework (Meta package)
typo3-src-4.0 - Powerful content management framework (Core)
Closes: 485814
Changes:
typo3-src (4.0.2+debian-5) stable-security; urgency=high
.
* Fixed security problem "Multiple vulnerabilities in TYPO3 Core"
(TYPO3-20080611-1) with patch taken from 4.0.9. (Closes: #485814)
Files:
7d777c2c73dfbedc116cadb3c12af767 610 web optional typo3-src_4.0.2+debian-5.dsc
06fd4df8cc184d80dd2ec16b96aa350e 18272 web optional
typo3-src_4.0.2+debian-5.diff.gz
cb7d95cd67e42efb50952615de8a58e4 76660 web optional
typo3_4.0.2+debian-5_all.deb
bb6bb984cd8fc36d3bb26020d9821f43 7691566 web optional
typo3-src-4.0_4.0.2+debian-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIUQQ+UHLQNqxYNSARAkoxAKCfml+1+0ImXp00aBRfLMOmZ9z/KgCbBOxA
KCPlli0tKOFY+bbcNE39XBY=
=yBL2
-----END PGP SIGNATURE-----
--- End Message ---
