From: Rene Ladan
Date: Mon, 12 Nov 2012 21:47:27 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r307348 - head/security/vuxml

Author: rene
Date: Mon Nov 12 21:47:27 2012
New Revision: 307348
URL: http://svnweb.freebsd.org/changeset/ports/307348

Log:
  Document vulnerabilities in two typo3 components.

  Obtained from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
  Feature safe: yes

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Nov 12 21:46:59 2012 (r307347) +++ head/security/vuxml/vuln.xml Mon Nov 12 21:47:27 2012 (r307348) @@ -51,6 +51,44 @@ Note: Please add new entries to the beg --> + + typo3 -- Multiple vulnerabilities in TYPO3 Core + + + typo3 + 4.5.04.5.21 + 4.6.04.6.14 + 4.7.04.7.6 + + + + +

Typo Security Team reports:

+
+

TYPO3 Backend History Module - Due to missing encoding of user + input, the history module is susceptible to SQL Injection and + Cross-Site Scripting. A valid backend login is required to exploit + this vulnerability. Credits go to Thomas Worm who discovered and + reported the issue.

+

TYPO3 Backend API - Failing to properly HTML-encode user input the + tree render API (TCA-Tree) is susceptible to Cross-Site Scripting. + TYPO3 Versions below 6.0 does not make us of this API, thus is not + exploitable, if no third party extension is installed which uses + this API. A valid backend login is required to exploit this + vulnerability. Credits go to Richard Brain who discovered and + reported the issue.

+
+ +
+ + http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ + + + 2012-11-08 + 2012-11-12 + +
+ DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
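
Review bot: the affected ranges in the package block of the new typo3 entry appear to cover only the 4.5, 4.6 and 4.7 branches, while the quoted "TYPO3 Backend API" paragraph draws its line at version 6.0 (versions below it are said not to use the TCA-Tree API). Please check against the upstream bulletin whether a 6.0 range is also needed, and if it is left out on purpose, say why in the commit log. Separately, the attribution line reads "Typo Security Team reports:", which should name the TYPO3 Security Team, and the references block carries only the bulletin URL, so any CVE identifiers assigned upstream should be added there once known.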