Debian Bug report logs - #571151
TYPO3-SA-2010-004: Multiple vulnerabilities in TYPO3 Core

version graph

Package: typo3-src; Maintainer for typo3-src is Christian Welzel <gawain@camlann.de>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 23 Feb 2010 21:18:17 UTC

Severity: grave

Tags: etch, security, wontfix

Fixed in versions typo3-src/4.3.2-1, typo3-src/4.2.5-1+lenny3

Done: Christian Welzel <gawain@camlann.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christian Welzel <gawain@camlann.de>:
Bug#571151; Package typo3-src. (Tue, 23 Feb 2010 21:18:20 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Christian Welzel <gawain@camlann.de>. (Tue, 23 Feb 2010 21:18:20 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: TYPO3-SA-2010-004: Multiple vulnerabilities in TYPO3 Core
Date: Tue, 23 Feb 2010 22:17:32 +0100
Package: typo3-src
Severity: grave
Tags: security

http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-004/

If Lenny is affected, please get in touch with team@security.debian.org

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Added tag(s) etch and wontfix. Request was from Christian Welzel <gawain@camlann.de> to control@bugs.debian.org. (Thu, 25 Feb 2010 10:57:08 GMT) Full text and rfc822 format available.

Reply sent to Christian Welzel <gawain@camlann.de>:
You have taken responsibility. (Fri, 26 Feb 2010 19:51:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 26 Feb 2010 19:51:05 GMT) Full text and rfc822 format available.

Message #12 received at 571151-close@bugs.debian.org (full text, mbox):

From: Christian Welzel <gawain@camlann.de>
To: 571151-close@bugs.debian.org
Subject: Bug#571151: fixed in typo3-src 4.3.2-1
Date: Fri, 26 Feb 2010 19:48:17 +0000
Source: typo3-src
Source-Version: 4.3.2-1

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-database_4.3.2-1_all.deb
  to main/t/typo3-src/typo3-database_4.3.2-1_all.deb
typo3-src-4.3_4.3.2-1_all.deb
  to main/t/typo3-src/typo3-src-4.3_4.3.2-1_all.deb
typo3-src_4.3.2-1.diff.gz
  to main/t/typo3-src/typo3-src_4.3.2-1.diff.gz
typo3-src_4.3.2-1.dsc
  to main/t/typo3-src/typo3-src_4.3.2-1.dsc
typo3-src_4.3.2.orig.tar.gz
  to main/t/typo3-src/typo3-src_4.3.2.orig.tar.gz
typo3_4.3.2-1_all.deb
  to main/t/typo3-src/typo3_4.3.2-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 571151@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gawain@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 24 Feb 2010 22:00:00 +0100
Source: typo3-src
Binary: typo3-src-4.3 typo3-database typo3
Architecture: source all
Version: 4.3.2-1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <gawain@camlann.de>
Changed-By: Christian Welzel <gawain@camlann.de>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-src-4.3 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 571151
Changes: 
 typo3-src (4.3.2-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes "TYPO3 Security Bulletin TYPO3-SA-2010-004: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 571151)
Checksums-Sha1: 
 7b9bf752bc0a9180de475353b68baac7634f2957 1003 typo3-src_4.3.2-1.dsc
 1a74ae2a3dd68c039402a697617916c1f07cc867 11479925 typo3-src_4.3.2.orig.tar.gz
 063717042fc29a6e6b1797b806af065346647747 118229 typo3-src_4.3.2-1.diff.gz
 48146f9fc7a25ff3d2d2afe99fd65cff2715ab56 11263622 typo3-src-4.3_4.3.2-1_all.deb
 245b4d8dc5fbf591b60357df8f4f01d87f342182 189666 typo3-database_4.3.2-1_all.deb
 aa269e67df2bf36a29b43703c01ee6e81598cbd4 1244 typo3_4.3.2-1_all.deb
Checksums-Sha256: 
 91cf68d6670767782f05b67e696cbe5b869bf407b6eed1d55f4c0dd7652d0de7 1003 typo3-src_4.3.2-1.dsc
 deb2d2f3830e95ae314a208c9a221866c67d4e34e85cd3388e4f0996a3150ddd 11479925 typo3-src_4.3.2.orig.tar.gz
 e795ad416b0cf819848a91878f1fac7b254f3bacb508a107b1e056048c626704 118229 typo3-src_4.3.2-1.diff.gz
 da7088204a1a737abd32647c02f41ba8df6a09b1c87971539e46043646fa3897 11263622 typo3-src-4.3_4.3.2-1_all.deb
 409bf53f1f8fa5bf0444692796d3b1a2618d60a415f8770db31e6eee1917c6d2 189666 typo3-database_4.3.2-1_all.deb
 e7ebfa5d3356f9374967a5cbcd5297fee5780655a791167e9879189dc452d96b 1244 typo3_4.3.2-1_all.deb
Files: 
 5d97e7bcdfee498a0147e105c43daf38 1003 web optional typo3-src_4.3.2-1.dsc
 ec02e4e91f2f280340d3557f4ecbe1b4 11479925 web optional typo3-src_4.3.2.orig.tar.gz
 29d993b069b803103fb0c88329a33d4f 118229 web optional typo3-src_4.3.2-1.diff.gz
 893f4f3e5d2e70eded5185d947550665 11263622 web optional typo3-src-4.3_4.3.2-1_all.deb
 8e535cb1789828967be5863e65282d65 189666 web optional typo3-database_4.3.2-1_all.deb
 b6c4af8ed2b3d9c57b563fd426179e2e 1244 web optional typo3_4.3.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLiCHxUHLQNqxYNSARAgrjAKDTRdYWsWuQXnNTJIT1WJAiCzHbtwCbBqfA
H3KQ8SyMbDwojZgqoAAGBOU=
=F0dk
-----END PGP SIGNATURE-----





Reply sent to Christian Welzel <gawain@camlann.de>:
You have taken responsibility. (Tue, 09 Mar 2010 13:54:05 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 09 Mar 2010 13:54:05 GMT) Full text and rfc822 format available.

Message #17 received at 571151-close@bugs.debian.org (full text, mbox):

From: Christian Welzel <gawain@camlann.de>
To: 571151-close@bugs.debian.org
Subject: Bug#571151: fixed in typo3-src 4.2.5-1+lenny3
Date: Tue, 09 Mar 2010 13:53:25 +0000
Source: typo3-src
Source-Version: 4.2.5-1+lenny3

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-src-4.2_4.2.5-1+lenny3_all.deb
  to main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny3_all.deb
typo3-src_4.2.5-1+lenny3.diff.gz
  to main/t/typo3-src/typo3-src_4.2.5-1+lenny3.diff.gz
typo3-src_4.2.5-1+lenny3.dsc
  to main/t/typo3-src/typo3-src_4.2.5-1+lenny3.dsc
typo3_4.2.5-1+lenny3_all.deb
  to main/t/typo3-src/typo3_4.2.5-1+lenny3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 571151@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gawain@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 24 Feb 2010 23:00:00 +0100
Source: typo3-src
Binary: typo3 typo3-src-4.2
Architecture: source all
Version: 4.2.5-1+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Christian Welzel <gawain@camlann.de>
Changed-By: Christian Welzel <gawain@camlann.de>
Description: 
 typo3      - Powerful content management framework (Meta package)
 typo3-src-4.2 - Powerful content management framework (Core)
Closes: 571151
Changes: 
 typo3-src (4.2.5-1+lenny3) stable-security; urgency=high
 .
   * Added patches (backported from 4.2.12) to fix the security issues
     from "TYPO3-SA-2010-004: Multiple vulnerabilities in TYPO3 Core"
     (Closes: 571151).
Checksums-Sha1: 
 f699fa5dadfbfbbd0f816e581e6384e15adf9a1b 1008 typo3-src_4.2.5-1+lenny3.dsc
 5a9f06209f48a2050a92bddf409c7dd74b244785 128331 typo3-src_4.2.5-1+lenny3.diff.gz
 6b3d1904b0f5007aa8992d29eed117596dec5e7c 133890 typo3_4.2.5-1+lenny3_all.deb
 0cf9ec2864021f2e85e35f4385aee50607864a2d 8201908 typo3-src-4.2_4.2.5-1+lenny3_all.deb
Checksums-Sha256: 
 b8aef8ccacc055dc318df2b2a4f824c073ac2eb3ba9982724cd72dac8f7ee42b 1008 typo3-src_4.2.5-1+lenny3.dsc
 1c879ae008bf73e285f2d808847176082832914ec209b2d219bbf656454dfc66 128331 typo3-src_4.2.5-1+lenny3.diff.gz
 9f1a83b926712666c3774dd24a27105de2a323dad336f226501a6085d95e27e8 133890 typo3_4.2.5-1+lenny3_all.deb
 10f1d221f8b0a9590f46e1d25f2c4378cba5d7c328912b3776b3c1f7e7968919 8201908 typo3-src-4.2_4.2.5-1+lenny3_all.deb
Files: 
 2b5fae60fae3e6a6aac0abab77878aab 1008 web optional typo3-src_4.2.5-1+lenny3.dsc
 a6c5d19786ea0cb438dca15a5e4cd03d 128331 web optional typo3-src_4.2.5-1+lenny3.diff.gz
 7322ee4dbabfb7b8a9ad34541a750777 133890 web optional typo3_4.2.5-1+lenny3_all.deb
 b9597dd425a73b6cb89bdc3724fcb02f 8201908 web optional typo3-src-4.2_4.2.5-1+lenny3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLiB9YUHLQNqxYNSARAoPsAKCttNuqaTRLAgXw4Z0n9xHFiG77awCcD0K3
JAnb53FVp8CT/TFBTqxZK88=
=1RI7
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jun 2010 07:38:39 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:59:08 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.