Your message dated Fri, 17 Dec 2010 10:19:00 +0000
with message-id <e1ptxou-0006f6...@franck.debian.org>
and subject line Bug#607286: fixed in typo3-src 4.5.0+dfsg1~beta2-2
has caused the Debian Bug report #607286,
regarding TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple vulnerabilities 
in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security


Component Type: TYPO3 Core
Affected Versions: 4.2.15 and below, 4.3.8 and below, 4.4.4 and below
Vulnerability Types: Arbitrary Code Execution, Path Traversal,
Cross-Site Scripting (XSS), SQL injection, Information Disclosure
Overall Severity: High




Vulnerable subcomponent #1: Frontend


Vulnerability Type: Cross-Site Scripting
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly sanitize user input the click
enlarge functionality is susceptible to Cross-Site Scripting. The
problem only exists if the TYPO3 caching framework is turned on by
configuration.

Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: For a regular editor it is possible to inject
arbitrary HTML or JavaScript into the FORM content object. A valid
backend login is required to exploit this vulnerability.




Vulnerable subcomponent #2: PHP file inclusion protection API


Vulnerability Type: Arbitrary Code Execution
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C
Problem Description: Because of insufficient validation of user input it
is possible to circumvent the check for executable php files in some cases.




Vulnerable subcomponent #3: Install Tool


Vulnerability Type: Cross-Site Scripting
Severity: Medium
TODO: Suggested CVSS v2.0: AV:L/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the TYPO3 Install
Tool is susceptible to XSS attacks in several places. A valid Install
Tool login is required to exploit these vulnerabilities.




Vulnerable subcomponent #4: Backend


Vulnerability Type: Remote File Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
TypoScript file inclusion functionality makes it possible to also
include arbitrary php files into the TypoScript setup. A valid admin
user login is required to exploit this vulnerability.

Vulnerability Type: Path Traversal
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the unzip library
is susceptible to Path Traversal.

Vulnerability Type: SQL Injection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the list module
functionality is susceptible to SQL injection. A valid backend login with
the rights to access the list module is required to exploit this
vulnerability.




Vulnerable subcomponent #5: Database API


Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: If the database connection to the MySQL database is
set to sql_mode NO_BACKSLASH_ESCAPES the TYPO3 Database API method
escapeStrForLike() is failing to properly quote user input, making it
possible to inject wildcards into a LIKE query. This could potentially
disclose a set of records that are meant to be kept secret.


-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15



--- End Message ---
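The Path Traversal item in subcomponent #4 (the unzip library) is the classic archive-extraction problem: an entry name such as `../../etc/passwd` or an absolute path is written wherever it points unless the extractor checks every name first. The following is an added example and not TYPO3's unzip code; it validates each entry name before extraction and rejects, rather than resolves, anything that could leave the target directory. `safeEntryPath`, `extractZipSafely` and `checkEntries` are hypothetical names, and the entry names inside `checkEntries` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 code: validate archive entry names before writing
// them under a target directory. All function names here are hypothetical.

/**
 * Returns the destination path for an archive entry, or null when the entry
 * name is unsafe. Parent references are rejected outright rather than
 * normalized away, because an attacker-controlled name has no business
 * containing them at all.
 */
function safeEntryPath(string $entryName, string $targetDir): ?string
{
    // Absolute paths, Windows drive prefixes, backslash separators and NUL
    // bytes are all refused before any further processing.
    if ($entryName === ''
        || $entryName[0] === '/'
        || preg_match('/^[A-Za-z]:/', $entryName) === 1
        || strpos($entryName, '\\') !== false
        || strpos($entryName, "\0") !== false) {
        return null;
    }

    $parts = [];
    foreach (explode('/', $entryName) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                 // empty (doubled slash, trailing slash) or current dir
        }
        if ($segment === '..') {
            return null;              // any parent reference is rejected
        }
        $parts[] = $segment;
    }
    if ($parts === []) {
        return null;
    }

    $targetDir = rtrim($targetDir, '/');
    $dest = $targetDir . '/' . implode('/', $parts);

    // Belt and braces: the destination must still sit under the target directory.
    if (strncmp($dest, $targetDir . '/', strlen($targetDir) + 1) !== 0) {
        return null;
    }
    return $dest;
}

/**
 * Extracts a zip file entry by entry through safeEntryPath(); returns the
 * names of entries that were skipped as unsafe so the caller can log them.
 */
function extractZipSafely(string $zipFile, string $targetDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipFile) !== true) {
        throw new RuntimeException("cannot open $zipFile");
    }
    $skipped = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $dest = safeEntryPath($name, $targetDir);
        if ($dest === null) {
            $skipped[] = $name;
            continue;
        }
        if (substr($name, -1) === '/') {          // directory entry
            if (!is_dir($dest)) {
                mkdir($dest, 0755, true);
            }
            continue;
        }
        if (!is_dir(dirname($dest))) {
            mkdir(dirname($dest), 0755, true);
        }
        file_put_contents($dest, $zip->getFromIndex($i));
    }
    $zip->close();
    return $skipped;
}

/** Runs the validator over constructed entry names without touching the disk. */
function checkEntries(): array
{
    $constructed = [
        'docs/readme.txt',
        'docs/../../etc/passwd',
        '/etc/passwd',
        'a/./b//c',
        'C:evil.txt',
        'images/',
    ];
    $result = [];
    foreach ($constructed as $name) {
        $result[$name] = safeEntryPath($name, '/var/www/uploads');
    }
    return $result;
}

print_r(checkEntries());
```

The validator works on the entry name as a string, before anything exists on disk, so it does not depend on `realpath()` and cannot be fooled by a directory that does not exist yet. Symbolic links that already live under the target directory are a separate concern: if untrusted content may already be present there, extract into a fresh, empty directory.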
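The Information Disclosure item in subcomponent #5 is worth seeing in code, because it is a failure of assumptions rather than of syntax: prefixing `%` and `_` with a backslash is only an escape while the connection's sql_mode leaves backslash as the LIKE escape character; per the MySQL LIKE documentation, a LIKE without an ESCAPE clause has no escape character at all under NO_BACKSLASH_ESCAPES. The following is an added example and not TYPO3's Database API. It contains a small simulation of LIKE matching (`likeMatch`, an approximation of MySQL semantics), the backslash scheme the bulletin describes, and a hardened scheme that names its own escape character in an explicit ESCAPE clause so that the pattern means the same thing on every connection. All function names are hypothetical and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 code. Models why backslash-prefixed LIKE escaping
// depends on sql_mode and shows an escaping scheme that does not.
// All function names here are hypothetical.

/**
 * Small simulation of MySQL LIKE matching. $escapeChar is the character an
 * ESCAPE clause would name; '' means "no escape character", which is what a
 * plain LIKE gets under NO_BACKSLASH_ESCAPES.
 */
function likeMatch(string $pattern, string $subject, string $escapeChar): bool
{
    $regex = '';
    $len = strlen($pattern);
    for ($i = 0; $i < $len; $i++) {
        $c = $pattern[$i];
        if ($escapeChar !== '' && $c === $escapeChar && $i + 1 < $len) {
            $regex .= preg_quote($pattern[++$i], '/');   // escaped: literal character
        } elseif ($c === '%') {
            $regex .= '.*';                               // live wildcard
        } elseif ($c === '_') {
            $regex .= '.';                                // live single-char wildcard
        } else {
            $regex .= preg_quote($c, '/');
        }
    }
    return preg_match('/^' . $regex . '$/s', $subject) === 1;
}

/** Backslash-prefix escaping: the sql_mode-dependent scheme. */
function escapeLikeWithBackslash(string $value): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $value);
}

/**
 * Hardened scheme: escape with a character that sql_mode never reinterprets
 * and always pair the pattern with a matching ESCAPE clause.
 */
function escapeLikeExplicit(string $value, string $escapeChar = '!'): string
{
    if (strlen($escapeChar) !== 1 || in_array($escapeChar, ['%', '_', '\\', "'"], true)) {
        throw new InvalidArgumentException('escape character must be a single ordinary character');
    }
    return str_replace(
        [$escapeChar, '%', '_'],
        [$escapeChar . $escapeChar, $escapeChar . '%', $escapeChar . '_'],
        $value
    );
}

/**
 * Builds a parameterized "contains" condition. $column must be a trusted,
 * whitelisted identifier; the user input only ever travels as a bound value.
 */
function buildContainsCondition(string $column, string $userInput, string $escapeChar = '!'): array
{
    $pattern = '%' . escapeLikeExplicit($userInput, $escapeChar) . '%';
    return ["$column LIKE ? ESCAPE '$escapeChar'", [$pattern]];
}

/** Runs both schemes against constructed rows under both sql_mode settings. */
function compareSchemes(): array
{
    $rows = ['50%', '50\\x', '500'];      // constructed sample values
    $userInput = '50%';                    // the user wants the literal string "50%"
    $backslashPattern = escapeLikeWithBackslash($userInput);
    $explicitPattern  = escapeLikeExplicit($userInput);

    $matches = fn(string $pattern, string $esc): array =>
        array_values(array_filter($rows, fn(string $r): bool => likeMatch($pattern, $r, $esc)));

    return [
        // Default sql_mode: backslash is the LIKE escape character.
        'backslash / default'               => $matches($backslashPattern, '\\'),
        // NO_BACKSLASH_ESCAPES: no escape character, so '%' is a wildcard again
        // and the backslash is just a character that must appear in the row.
        'backslash / NO_BACKSLASH_ESCAPES'  => $matches($backslashPattern, ''),
        // Explicit ESCAPE '!': the same pattern and escape on both connections.
        'explicit / default'                => $matches($explicitPattern, '!'),
        'explicit / NO_BACKSLASH_ESCAPES'   => $matches($explicitPattern, '!'),
    ];
}

print_r(compareSchemes());
```

The comparison shows the bulletin's point directly: the backslash-escaped pattern selects a different set of rows depending on sql_mode, which is exactly the wildcard injection described, while the pattern built with an explicit ESCAPE clause selects the same rows in both cases. A defensive check for an existing code base is to search for LIKE conditions whose escaping assumes backslash and verify what sql_mode the production connection actually sets.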
--- Begin Message ---
Source: typo3-src
Source-Version: 4.5.0+dfsg1~beta2-2

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-database_4.5.0+dfsg1~beta2-2_all.deb
  to main/t/typo3-src/typo3-database_4.5.0+dfsg1~beta2-2_all.deb
typo3-dummy_4.5.0+dfsg1~beta2-2_all.deb
  to main/t/typo3-src/typo3-dummy_4.5.0+dfsg1~beta2-2_all.deb
typo3-src-4.5_4.5.0+dfsg1~beta2-2_all.deb
  to main/t/typo3-src/typo3-src-4.5_4.5.0+dfsg1~beta2-2_all.deb
typo3-src_4.5.0+dfsg1~beta2-2.debian.tar.gz
  to main/t/typo3-src/typo3-src_4.5.0+dfsg1~beta2-2.debian.tar.gz
typo3-src_4.5.0+dfsg1~beta2-2.dsc
  to main/t/typo3-src/typo3-src_4.5.0+dfsg1~beta2-2.dsc
typo3_4.5.0+dfsg1~beta2-2_all.deb
  to main/t/typo3-src/typo3_4.5.0+dfsg1~beta2-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 16 Dec 2010 22:00:00 +0100
Source: typo3-src
Binary: typo3-src-4.5 typo3-database typo3-dummy typo3
Architecture: source all
Version: 4.5.0+dfsg1~beta2-2
Distribution: experimental
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-dummy - web content management system
 typo3-src-4.5 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 598816 599088 602250 607286
Changes: 
 typo3-src (4.5.0+dfsg1~beta2-2) experimental; urgency=high
 .
   * Ported some security fixes from TYPO3 4.4.5 to this version
     - fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 607286)
 .
 typo3-src (4.5.0+dfsg1~beta2-1) experimental; urgency=low
 .
   * New upstream release.
   * Added source for player.swf and flvplayer.swf (see #591969).
 .
 typo3-src (4.5.0+dfsg1~beta1-1) experimental; urgency=low
 .
   * Removed typo3/contrib/jsmin/jsmin.php because of non free license
     (Closes: 602250)
   * Added notice about license of qtobject.js to copyright file.
   * Added README.source.
   * Corrected watch file.
   * Added rule "dfsg" to rules to remove non free files.
 .
 typo3-src (4.5.0~beta1-1) experimental; urgency=low
 .
   * New upstream release.
   * Merged typo3-src and typo3-dummy source packages.
   * Fixed spelling error in control (Closes: 598816)
   * Added lintian override for "embedded-php-library" on "libnusoap-php"
     because of customized nusoap in these packages (see 529581)
   * Added Japanese translation (Closes: 599088)
   * Reorganized and updated changelog. Uses DEP-5 format now.
   * localconf.php:
     - raised memory limit to 64MB
     - disabled donation window
     - set search path for binaries
     - disabled deprecation logging
   * Moved mysql sql file to own directory and added upgrade sql to 4.5.
   * Added backend user "admin"/"password" to mysql/mysql.
   * Added generation of encryption key to typo3-dummy.postinst.
Checksums-Sha1: 
 57d9e5ad2b02466adb7fa7cedbc154a4c73e85b5 1424 typo3-src_4.5.0+dfsg1~beta2-2.dsc
 ac7bfb450fcf6928f838fd3bee894a8b9facdce3 181317 typo3-src_4.5.0+dfsg1~beta2-2.debian.tar.gz
 904c9b8f6275f9abd3a47db9776537026612d124 19423852 typo3-src-4.5_4.5.0+dfsg1~beta2-2_all.deb
 7fd7155e20215574eb0ba7766cb05421629d5ab5 234142 typo3-database_4.5.0+dfsg1~beta2-2_all.deb
 ecd1c2c3105aa153769051c5cf5988aef9a7ea28 242566 typo3-dummy_4.5.0+dfsg1~beta2-2_all.deb
 b8d5aac4c32964e58e472fa14166e2af3c9b709f 1260 typo3_4.5.0+dfsg1~beta2-2_all.deb
Checksums-Sha256: 
 6b4988cd304322548a98cb71ca58532d0b2f66d07008e353ec7c9493ff066ea7 1424 typo3-src_4.5.0+dfsg1~beta2-2.dsc
 9056a697cf428000724418b9c7be13dd7eb6398b57835e85056089d5375dc1ca 181317 typo3-src_4.5.0+dfsg1~beta2-2.debian.tar.gz
 b218d53bdebae7c46caa51a826c79f7eb780268642b3e72ed31d574df56b487f 19423852 typo3-src-4.5_4.5.0+dfsg1~beta2-2_all.deb
 473315413f6a0d411d97da548f50ce5a002aa3b0fac55a2ab6aca3c696fa8e65 234142 typo3-database_4.5.0+dfsg1~beta2-2_all.deb
 681b20045df626614e0f6d6e6384e0d345f3ee5ff3c90e583d6b5a2cc5121742 242566 typo3-dummy_4.5.0+dfsg1~beta2-2_all.deb
 4825bb88317071c904420565fb570b68b542ae31c0faf915f42e4cd00f069a80 1260 typo3_4.5.0+dfsg1~beta2-2_all.deb
Files: 
 d949316ef3605b83b5a9592f5c193560 1424 web optional typo3-src_4.5.0+dfsg1~beta2-2.dsc
 1f94bfc905e2761f79bb9d384a733766 181317 web optional typo3-src_4.5.0+dfsg1~beta2-2.debian.tar.gz
 0dea53c958e29ec8f786008f2b58db11 19423852 web optional typo3-src-4.5_4.5.0+dfsg1~beta2-2_all.deb
 bf2002a455d5e8c0507de5ac8c8264ee 234142 web optional typo3-database_4.5.0+dfsg1~beta2-2_all.deb
 85b60d5512c664248ad3ab8f9acd9fa1 242566 web optional typo3-dummy_4.5.0+dfsg1~beta2-2_all.deb
 ddb87a842e2089570048d5ee76bac802 1260 web optional typo3_4.5.0+dfsg1~beta2-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNCzYWUHLQNqxYNSARAk2nAJ0T3qgo5FfO75WCwQe/Fjy0FckruQCbB7x7
MvKcE9Hgq09TDgXO1cYOEOM=
=FCEB
-----END PGP SIGNATURE-----



--- End Message ---