Your message dated Thu, 16 Dec 2010 18:32:20 +0000
with message-id <e1pticm-0004yr...@franck.debian.org>
and subject line Bug#607286: fixed in typo3-src 4.3.9+dfsg1-1
has caused the Debian Bug report #607286,
regarding TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple vulnerabilities 
in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security


Component Type: TYPO3 Core
Affected Versions: 4.2.15 and below, 4.3.8 and below, 4.4.4 and below
Vulnerability Types: Arbitrary Code Execution, Path Traversal,
Cross-Site Scripting (XSS), SQL injection, Information Disclosure
Overall Severity: High




Vulnerable subcomponent #1: Frontend


Vulnerability Type: Cross-Site Scripting
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly sanitize user input the click
enlarge functionality is susceptible to Cross-Site Scripting. The
problem only exists if the TYPO3 caching framework is turned on by
configuration.

Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: For a regular editor it is possible to inject
arbitrary HTML or JavaScript into the FORM content object. A valid
backend login is required to exploit this vulnerability.




Vulnerable subcomponent #2: PHP file inclusion protection API


Vulnerability Type: Arbitrary Code Execution
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C
Problem Description: Because of insufficient validation of user input it
is possible to circumvent the check for executable php files in some cases.




Vulnerable subcomponent #3: Install Tool


Vulnerability Type: Cross-Site Scripting
Severity: Medium
TODO: Suggested CVSS v2.0: AV:L/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the TYPO3 Install
Tool is susceptible to XSS attacks in several places. A valid Install
Tool login is required to exploit these vulnerabilities.




Vulnerable subcomponent #4: Backend


Vulnerability Type: Remote File Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
TypoScript file inclusion functionality makes it possible to also
include arbitrary php files into the TypoScript setup. A valid admin
user login is required to exploit this vulnerability.

Vulnerability Type: Path Traversal
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the unzip library
is susceptible to Path Traversal.

Vulnerability Type: SQL Injection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the list module
functionality is susceptible to SQL injection. A valid backend login with
the rights to access the list module is required to exploit this
vulnerability.




Vulnerable subcomponent #5: Database API


Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: If the database connection to the MySQL database is
set to sql_mode NO_BACKSLASH_ESCAPES the TYPO3 Database API method
escapeStrForLike() is failing to properly quote user input, making it
possible to inject wildcards into a LIKE query. This could potentially
disclose a set of records that are meant to be kept secret.


-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15



--- End Message ---
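The LIKE wildcard issue in the last item of the report, shown as an added Python example (this is not TYPO3's code and not part of the original bug report). It uses an in-memory SQLite database as a stand-in for MySQL and a constructed `records` table; the hardened variant escapes `%` and `_` with an explicitly declared ESCAPE character, so the result does not depend on how the server treats backslashes.

```python
import sqlite3

# Constructed sample data a user-supplied search term is matched against.
SAMPLE_ROWS = [("alice",), ("bob",), ("100%_done",), ("carol",)]


def escape_like(term: str, esc: str = "!") -> str:
    """Escape LIKE wildcards (% and _) and the escape character itself.

    The escape character is chosen here and repeated in the query's ESCAPE
    clause, so correctness does not rely on the server treating backslash as
    an escape (which is exactly what changes under NO_BACKSLASH_ESCAPES).
    The escape character must be doubled first, before the wildcards.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def _connect() -> sqlite3.Connection:
    """Build a throwaway database holding the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE records (name TEXT)")
    con.executemany("INSERT INTO records VALUES (?)", SAMPLE_ROWS)
    return con


def search_unescaped(term: str) -> list:
    """Weak form: the term is used as the LIKE pattern as-is, so a term of
    '%' matches every row (the disclosure the report describes)."""
    con = _connect()
    rows = con.execute(
        "SELECT name FROM records WHERE name LIKE ?", (term,)).fetchall()
    return [r[0] for r in rows]


def search_escaped(term: str) -> list:
    """Hardened form: wildcards in the term are escaped and the escape
    character is declared to the database with an ESCAPE clause."""
    con = _connect()
    pattern = escape_like(term)
    rows = con.execute(
        "SELECT name FROM records WHERE name LIKE ? ESCAPE '!'",
        (pattern,)).fetchall()
    return [r[0] for r in rows]
```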
--- Begin Message ---
Source: typo3-src
Source-Version: 4.3.9+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-database_4.3.9+dfsg1-1_all.deb
  to main/t/typo3-src/typo3-database_4.3.9+dfsg1-1_all.deb
typo3-src-4.3_4.3.9+dfsg1-1_all.deb
  to main/t/typo3-src/typo3-src-4.3_4.3.9+dfsg1-1_all.deb
typo3-src_4.3.9+dfsg1-1.debian.tar.gz
  to main/t/typo3-src/typo3-src_4.3.9+dfsg1-1.debian.tar.gz
typo3-src_4.3.9+dfsg1-1.dsc
  to main/t/typo3-src/typo3-src_4.3.9+dfsg1-1.dsc
typo3-src_4.3.9+dfsg1.orig.tar.gz
  to main/t/typo3-src/typo3-src_4.3.9+dfsg1.orig.tar.gz
typo3_4.3.9+dfsg1-1_all.deb
  to main/t/typo3-src/typo3_4.3.9+dfsg1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Thu, 16 Dec 2010 22:00:00 +0100
Source: typo3-src
Binary: typo3-src-4.3 typo3-database typo3
Architecture: source all
Version: 4.3.9+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-src-4.3 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 607286
Changes: 
 typo3-src (4.3.9+dfsg1-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-022: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 607286)
   * Added source for player.swf and flvplayer.swf (see #591969).
   * Corrected watch file.
   * Added rule "dfsg" to rules to remove non free files.



--- End Message ---
