./www/typo3, The typo3 content management system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2009Q3, Version: 4.2.10, Package name: typo3-4.2.10, Maintainer: taca

TYPO3 is a free Open Source content management system for enterprise
purposes on the web and in intranets. It offers full flexibility and
extendability while featuring an accomplished set of ready-made
interfaces, functions and modules.

DEINSTALL [+/-]

Required to run:
[databases/php-mysql]

Master sites: (Expand)

SHA1: ba6fa68267bf924df2f3ddfffee7dac4fc51f800
RMD160: 1fc914e72930b995aeabad9529c7b2177969f322
Filesize: 7964.709 KB

Version history: (Expand)

CVS history: (Expand)


   2009-10-23 12:17:07 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #2920 - requested by taca
typo3: security update

Revisions pulled up:
- www/typo3/Makefile			1.16
- www/typo3/PLIST			1.8
- www/typo3/distinfo			1.10
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Oct 22 14:53:09 UTC 2009

Modified Files:
	pkgsrc/www/typo3: Makefile PLIST distinfo

Log message:
Update www/typo3 package to 4.2.10.  It fixes multiple security issues
found in TYPO3 core.

      http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

2009-10-22  Oliver Hader  <oliver@typo3.org>

	* Release of TYPO3 4.2.10

2009-10-22  Ernesto Baschny <ernst@cron-it.de>

	* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this \ 
area (thanks to Jigal van Hemert)
	* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to \ 
Oliver Klee)
	* Fixed bug #12309: It was possible to gain access to the Install Tool by only \ 
knowing the md5 hash of the password.
	* Fixed bug #12310: Encryption key can be recalculated when using normal \ 
mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
	* Fixed bug #12090: Filenames should be escaped with escapeshellarg before \ 
passing them to imagemagick (thanks to Oliver Klee)
	* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function \ 
t3lib_div::quoteJSvalue (thanks to Oliver Klee)
	* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset \ 
(thanks to Oliver Klee)
	* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks \ 
to Oliver Klee)
	* Fixed bug #12306: XSS vulnerability in module dispatcher
	* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
	* Fixed bug #12308: XSS vulnerability in "DB > Full search" \ 
functionality
	* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)

2009-10-21  Rupert Germann  <rupi@gmx.li>

	* Fixed bug #12280: Error Message while creating empty Folders (thanks to \ 
Daniel Schmitzer)
	* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for \ 
keyboard input in CLI scripts

2009-10-21  Steffen Kamper  <info@sk-typo3.de>

	* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)

2009-10-15  Rupert Germann  <rupi@gmx.li>

 	* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in \ 
functions which depend on an existing resultset (thanks to Felix Oertel)

2009-10-11  Rupert Germann  <rupi@gmx.li>

	* Fixed bug #10971: Fatal error in impexp module: Call to a member function \ 
includeLLFile() on a non-object (thanks to Andre Steiling)

2009-10-10  Rupert Germann  <rupi@gmx.li>

	* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with \ 
activated output compression (thanks to Steffen Gebert)

2009-09-29  Oliver Hader  <oliver@typo3.org>

	* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)