Your message dated Sat, 24 Oct 2009 12:17:35 +0000
with message-id <e1n1fyt-0002jp...@ries.debian.org>
and subject line Bug#552020: fixed in typo3-src 4.3.0~beta2-1
has caused the Debian Bug report #552020,
regarding TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
552020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552020
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security
TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core
Vulnerability Types: SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.
Problem Description 1: By entering malicious content into a tt_content form element, a backend user could recalculate the encryption key. This knowledge could be used to attack TYPO3 mechanisms that were protected by this key. A valid backend login is required to exploit this vulnerability.
Problem Description 2: Failing to sanitize user input, the TYPO3 backend is susceptible to XSS attacks in several places. A valid backend login is required to exploit these vulnerabilities.
Problem Description 3: By manipulating URL parameters it is possible to include arbitrary websites in the TYPO3 backend framesets. A valid backend login is required to exploit this vulnerability.
Problem Description 4: By uploading files with malicious filenames, an editor could execute arbitrary shell commands on the server on which the TYPO3 installation is located. A valid backend login is required to exploit this vulnerability.
Problem Description 5: Failing to sanitize URL parameters, TYPO3 is susceptible to SQL injection in the frontend editing feature (the traditional one, not feeditadvanced, which will be shipped with TYPO3 4.3). A valid backend login and activated frontend editing are required to exploit this vulnerability.
Problem Description 6: The sanitizing algorithm of the API function t3lib_div::quoteJSvalue wasn't sufficient, so that an attacker could inject specially crafted HTML or JavaScript code. Since this function can be used in backend modules as well as in frontend extensions, this vulnerability could also be exploited without having a valid backend login.
Problem Description 7: Failing to sanitize URL parameters, the Frontend Login Box is susceptible to XSS.
Problem Description 8: It is possible to gain access to the Install Tool by only knowing the md5 hash of the Install Tool password.
Problem Description 9: Failing to sanitize URL parameters, the Install Tool is susceptible to Cross-site scripting attacks.
For more information see the Typo3 Bulletin at:
<https://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/>
--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
--- End Message ---
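The quoting problem in item 6 of the bulletin above, as an added example that is not part of the bug report and not TYPO3's own code: the bulletin only says that t3lib_div::quoteJSvalue "wasn't sufficient", and the two routines below are hypothetical stand-ins written for this page, not a reproduction of the original function or of the upstream fix. The naive variant escapes quotes, backslashes and line breaks, which is enough for a bare JavaScript string literal but not once the literal is pasted into a <script> element, because the HTML tokenizer ends the element at the first "</script" it sees regardless of JavaScript syntax. The hardened variant hex-escapes every non-alphanumeric character, so its output cannot contain "<", ">", quotes or line terminators in any context. The payload is constructed for the demonstration.

```javascript
// Added example for item 6 of TYPO3-SA-2009-016. Hypothetical code, not TYPO3's
// t3lib_div::quoteJSvalue and not the upstream fix: it shows why a quoting
// routine that escapes only quotes, backslashes and line breaks fails once the
// result lands inside a <script> element, and one hardened alternative.

// Naive quoting: enough for a bare JavaScript string literal, not for HTML.
function quoteJSvalueNaive(value) {
  const escaped = String(value)
    .replace(/\\/g, '\\\\')
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"')
    .replace(/\r/g, '\\r')
    .replace(/\n/g, '\\n');
  return "'" + escaped + "'";
}

// Hardened quoting: every UTF-16 code unit outside [A-Za-z0-9] becomes a
// \xHH or \uHHHH escape, so the literal can never contain '<', '>', quotes
// or line terminators, whatever context the caller pastes it into.
function quoteJSvalueHardened(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const cu = s.charCodeAt(i);
    if (/^[A-Za-z0-9]$/.test(s[i])) {
      out += s[i];
    } else if (cu < 0x100) {
      out += '\\x' + cu.toString(16).padStart(2, '0');
    } else {
      out += '\\u' + cu.toString(16).padStart(4, '0');
    }
  }
  return "'" + out + "'";
}

// What a server-side template does with the quoted value.
function scriptBlock(quoteFn, value) {
  return '<script>var name = ' + quoteFn(value) + ';</script>';
}

// The HTML tokenizer closes a script element at the first "</script" it meets,
// regardless of JavaScript string syntax. Look for one inside the element body.
function breaksOutOfScript(html) {
  const body = html.slice('<script>'.length, -'</script>'.length);
  return /<\/script/i.test(body);
}

// Parse the quoted literal as a JavaScript engine would, to confirm that
// the quoted form still round-trips to the original value.
function decodeLiteral(quoted) {
  return new Function('return ' + quoted + ';')();
}

// Constructed attacker input: it contains no quotes at all, so the naive
// escaper leaves it untouched; it simply terminates the script element and
// opens a new one.
const PAYLOAD = 'x</script><script>alert(document.cookie)</script>';

function demo() {
  return {
    naiveBreaksOut: breaksOutOfScript(scriptBlock(quoteJSvalueNaive, PAYLOAD)),
    hardenedBreaksOut: breaksOutOfScript(scriptBlock(quoteJSvalueHardened, PAYLOAD)),
    naiveRoundTrips: decodeLiteral(quoteJSvalueNaive(PAYLOAD)) === PAYLOAD,
    hardenedRoundTrips: decodeLiteral(quoteJSvalueHardened(PAYLOAD)) === PAYLOAD,
  };
}

console.log(demo());
```

Both variants produce a literal that a JavaScript engine decodes back to the original value; the difference is only visible to the HTML parser that runs first. A quoting helper cannot know whether its caller will place the result in a standalone .js response, inside a <script> element or inside an on* attribute, so encoding every non-alphanumeric character is the choice that is safe in all three, at the cost of readable output.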
--- Begin Message ---
Source: typo3-src
Source-Version: 4.3.0~beta2-1
We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:
typo3-database_4.3.0~beta2-1_all.deb
to pool/main/t/typo3-src/typo3-database_4.3.0~beta2-1_all.deb
typo3-src-4.3_4.3.0~beta2-1_all.deb
to pool/main/t/typo3-src/typo3-src-4.3_4.3.0~beta2-1_all.deb
typo3-src_4.3.0~beta2-1.diff.gz
to pool/main/t/typo3-src/typo3-src_4.3.0~beta2-1.diff.gz
typo3-src_4.3.0~beta2-1.dsc
to pool/main/t/typo3-src/typo3-src_4.3.0~beta2-1.dsc
typo3-src_4.3.0~beta2.orig.tar.gz
to pool/main/t/typo3-src/typo3-src_4.3.0~beta2.orig.tar.gz
typo3_4.3.0~beta2-1_all.deb
to pool/main/t/typo3-src/typo3_4.3.0~beta2-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 22 Oct 2009 22:00:00 +0100
Source: typo3-src
Binary: typo3-src-4.3 typo3-database typo3
Architecture: source all
Version: 4.3.0~beta2-1
Distribution: experimental
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description:
typo3 - The enterprise level open source WebCMS (Meta)
typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
typo3-src-4.3 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 552020
Changes:
typo3-src (4.3.0~beta2-1) experimental; urgency=high
.
* New upstream release.
- fixes "TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple
vulnerabilities in TYPO3 Core" (Closes: 552020)
Checksums-Sha1:
4bb9c6efda3a4ad8d31f2ae214533f8718a61269 1045 typo3-src_4.3.0~beta2-1.dsc
49a33a2b6bcf293a5f42d06a81775d30730ad651 11712487 typo3-src_4.3.0~beta2.orig.tar.gz
744d9b66d968573c7f848e7c2df9b44d4a65cf48 255079 typo3-src_4.3.0~beta2-1.diff.gz
20442a47f8eebef2f57657b6df3ced725e6bc32a 11523590 typo3-src-4.3_4.3.0~beta2-1_all.deb
ce80b6479135e34858648148f5703d8663ddf019 318280 typo3-database_4.3.0~beta2-1_all.deb
6c1f2fb341e10c7731c39ccdad1a872ab0f839b1 1256 typo3_4.3.0~beta2-1_all.deb
Checksums-Sha256:
772707e0ad3a0ef5c626d4bea1267ca634788293552463d3f683f9d84510b489 1045 typo3-src_4.3.0~beta2-1.dsc
f527b5eb97840fd62ef79fb43719293402b611c2318a82894f186204f4bddf0b 11712487 typo3-src_4.3.0~beta2.orig.tar.gz
0a73c6de7269eaec66a706f192cccabf03fd0f7402189492189ce38d7cb0f67b 255079 typo3-src_4.3.0~beta2-1.diff.gz
7676319eae71293b6b2ca299e8bb1dc5cc521ea988e2613d9f63884a5db36db4 11523590 typo3-src-4.3_4.3.0~beta2-1_all.deb
ada86b7456d87775a5937b0a488b5deeba7f130ca8f71973b7e9cae81dde870b 318280 typo3-database_4.3.0~beta2-1_all.deb
2aae628b5f99ea3430d4476a01b560ee503c3941e92130c6535dca89ac6256e5 1256 typo3_4.3.0~beta2-1_all.deb
Files:
64856154a5765c033109984999bc8a42 1045 web optional typo3-src_4.3.0~beta2-1.dsc
2e78dc85cff04b9d67be85aaf3547ac2 11712487 web optional typo3-src_4.3.0~beta2.orig.tar.gz
bd8fccf6aac1ae4cbecffb9a8c8d6da8 255079 web optional typo3-src_4.3.0~beta2-1.diff.gz
545a8e5d4618835fa97c2a6a3c22f983 11523590 web optional typo3-src-4.3_4.3.0~beta2-1_all.deb
2a5f7045d9160582151acaa199801029 318280 web optional typo3-database_4.3.0~beta2-1_all.deb
adb6596d6671fc29de78d5e18617de21 1256 web optional typo3_4.3.0~beta2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFK4uyxUHLQNqxYNSARAq1aAKCTSTZaS/coMMAbmVe0Pw0o9v8aEwCeMbPV
wT7eZ52MvdEL4CFEjI6n1g8=
=AJ3g
-----END PGP SIGNATURE-----
--- End Message ---