Debian 5.0: DSA-2121-1 Moderate: TYPO3 Remote File Issues

Several remote vulnerabilities have been discovered in TYPO3. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2010-3714
Multiple remote file disclosure vulnerabilities in the jumpUrl
mechanism and the Extension Manager allowed attackers to read
files with the privileges of the account under which the web
server was running.

CVE-2010-3715
The TYPO3 backend contained several cross-site scripting
vulnerabilities, and the RemoveXSS function did not filter
all Javascript code.

CVE-2010-3716
Malicious editors with user creation permission could escalate
their privileges by creating new users in arbitrary groups, due
to lack of input validation in the taskcenter.

CVE-2010-3717
TYPO3 exposed a crasher bug in the PHP filter_var function,
enabling attackers to cause the web server process to crash
and thus consume additional system resources.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny6.

For the unstable distri...