Debian: DSA-2098-2: New typo3-src packages fix regression
Summary
Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework: cross-site scripting, open redirection,
SQL injection, broken authentication and session management,
insecure randomness, information disclosure and arbitrary code
execution. More details can be found in the TYPO3 security advisory:
https://typo3.org/security/advisory/typo3-sa-2010-012
For the stable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny5.
The testing distribution (squeeze) will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 4.3.5-1 (not affected by the regression).
We recommend that you upgrade your typo3-src package.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Source archives:
Size/MD5 checksum: 1008 ae2679dfa995bc4d97c3385b185613f7
Size/MD5 checksum: 149043 c44d4e5f388a382673f6c921dcdc24ed
Size/MD5 checksum: 8144727 75b2e5db6ac586fb6176f329be452159
Architecture independent packages:
Size/MD5 checksum: 134050 92862c44d428912c1b48dd3363fa6dd9
Size/MD5 checksum: 8194252 189667ba77e8546e48f0e079da893f0f
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show