Subject: CVS commit: [pkgsrc-2009Q3] pkgsrc/www/typo3
From: Matthias Scheler
Date: 2009-10-23 12:17:07
Message id: 20091023101708.0A5F4175DA@cvs.netbsd.org
Log Message:
Pullup ticket #2920 - requested by taca
typo3: security update
Revisions pulled up:
- www/typo3/Makefile 1.16
- www/typo3/PLIST 1.8
- www/typo3/distinfo 1.10
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 22 14:53:09 UTC 2009
Modified Files:
pkgsrc/www/typo3: Makefile PLIST distinfo
Log Message:
Update www/typo3 package to 4.2.10. It fixes multiple security issues
found in TYPO3 core.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
2009-10-22 Oliver Hader <oliver@typo3.org>
* Release of TYPO3 4.2.10
2009-10-22 Ernesto Baschny <ernst@cron-it.de>
* Security Issue #11664: Updated RemoveXSS code to the latest knowledge in this area (thanks to Jigal van Hemert)
* Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
* Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
* Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
* Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
* Fixed bug #12306: XSS vulnerability in module dispatcher
* Fixed bug #12307: XSS vulnerability in alt_palette (thanks to Oliver Klee)
* Fixed bug #12308: XSS vulnerability in "DB > Full search" functionality
* Fixed bug #10501: XSS vulnerability in the install tool (thanks to Oliver Klee)
2009-10-21 Rupert Germann <rupi@gmx.li>
* Fixed bug #12280: Error Message while creating empty Folders (thanks to Daniel Schmitzer)
* Fixed bug #12300 (Follow-up to 11995): Output compression breaks prompt for keyboard input in CLI scripts
2009-10-21 Steffen Kamper <info@sk-typo3.de>
* Fixed bug #12272: Steps disregarded in t3lib_lock (thanks to Dan Osipov)
2009-10-15 Rupert Germann <rupi@gmx.li>
* Fixed bug #8728: PHP Warning, if SQL error occurs in class t3lib_db in functions which depend on an existing resultset (thanks to Felix Oertel)
2009-10-11 Rupert Germann <rupi@gmx.li>
* Fixed bug #10971: Fatal error in impexp module: Call to a member function includeLLFile() on a non-object (thanks to Andre Steiling)
2009-10-10 Rupert Germann <rupi@gmx.li>
* Fixed bug #12129 (follow-up to bug #11986): Translation update broken with activated output compression (thanks to Steffen Gebert)
2009-09-29 Oliver Hader <oliver@typo3.org>
* Fixed bug #11433: touch(): Utime failed in install tool (thanks to Steffen Gebert)
Files: