Package: typo3-src-4.2 Version: 4.2.3-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for typo3-src-4.2.
Upstream says [1] it's not going to fix the issue because the extension's maintainer is rewriting the files from scratch. So they recommend to delete the extension until it's not rewritten. CVE-2008-5096[0]: | Unspecified vulnerability in the TYPO3 File List (file_list) extension | 0.2.1 and earlier allows remote attackers to obtain sensitive | information via unknown attack vectors. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5096 http://security-tracker.debian.net/tracker/CVE-2008-5096 [1] http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]