Security Information / 2012 / Security Information -- DSA-2574-1 typo3-src

Debian Security Advisory

DSA-2574-1 typo3-src -- several vulnerabilities

Date Reported:

15 Nov 2012

Affected Packages:

typo3-src

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-6144, CVE-2012-6145, CVE-2012-6146, CVE-2012-6147.

More information:

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, SQL injection, and information disclosure vulnerabilities and corresponds to TYPO3-CORE-SA-2012-005.

For the stable distribution (squeeze), this problem has been fixed in version 4.3.9+dfsg1-1+squeeze7.

For the unstable distribution (sid), this problem has been fixed in version 4.5.19+dfsg1-4.

We recommend that you upgrade your typo3-src packages.