From: Salvatore Bonaccorso <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Date: Sun, 11 Jan 2015 15:09:19 +0100
X-Debian-PR-Message: report 775105

Hi,
Source: typo3-src
Version: 4.5.35+dfsg1-1
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 4.5.19+dfsg1-5+wheezy3

the following vulnerability was published for typo3-src.

CVE-2014-9508[0]:
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x
| through 6.2.x before 6.2.9, and 7.x before 7.0.2, when
| config.prefixLocalAnchors is set and using a homepage with links that
| only contain anchors, allows remote attackers to change URLs to
| arbitrary domains for those links via unknown vectors.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-9508
[1] https://review.typo3.org/#/c/35222/
[2] https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96

Regards,
Salvatore

