severity 341709 wishlist
tag 341709 -security
clone 341709 -1 -2
severity -1 important
retitle -1 Mail forms can be used to send spam
forwarded -1 http://typo3.org/teams/security/security-bulletins/typo3-20050307-1/
severity -2 grave
retitle -2 Remote command execution, arbitrary file viewing [CVE-2006-0327]
tag -1 security
tag -2 security
thanks

On Tue, 13 Dec 2005, Steffen Müller wrote:
> The 3.7 branch is outdated and obviously not supported any more by
> TYPO3 devs. Since etch is IMHO still in an early stage (no feature
> freeze yet), an upgrade to 3.8.1 would be the easiest way to get rid
> of all known security issues in TYPO3.

Unfortunately, even upgrading to 3.8.1 won't get rid of all of the security issues. Furthermore, the way in which upstream is supporting this package is rather suboptimal at best, as the fixes they've made do not include patches. [Also, the CVE vulnerability has been extant for 3 months now, and there hasn't been an update from upstream about it.]

Christian Leutloff: please work with upstream to make their mechanism of setting up patchsets for security bugs in historical versions; otherwise it will be almost prohibitively difficult for the security team to support this package, unless you plan on taking on the burden yourself for the duration of the time that the package is distributed in Debian. [Probably the next 3 years...]

Don Armstrong

--
Quite the contrary; they *love* collateral damage. If they can make you miserable enough, maybe you'll stop using email entirely. Once enough people do that, then there'll be no legitimate reason left for anyone to run an SMTP server, and the spam problem will be solved.
 -- Craig Dickson in <[EMAIL PROTECTED]>

http://www.donarmstrong.com
http://rzlab.ucr.edu