From: Frederic Culot
Date: Wed, 6 Mar 2013 15:57:00 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r313525 - head/security/vuxml

Author: culot
Date: Wed Mar 6 15:56:59 2013
New Revision: 313525
URL: http://svnweb.freebsd.org/changeset/ports/313525

Log:
- Document vulnerabilities in typo3.

Security: b9a347ac-8671-11e2-b73c-0019d18c446a
Obtained from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/

Modified: head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Mar 6 15:44:31 2013 (r313524) +++ head/security/vuxml/vuln.xml Wed Mar 6 15:56:59 2013 (r313525) @@ -51,6 +51,48 @@ Note: Please add new entries to the beg --> + + typo3 -- Multiple vulnerabilities in TYPO3 Core + + + typo3 + 4.5.04.5.23 + 4.6.04.6.16 + 4.7.04.7.8 + 6.0.06.0.2 + + + + +

Typo Security Team reports:

+
+

Extbase Framework - Failing to sanitize user input, the Extbase + database abstraction layer is susceptible to SQL Injection. TYPO3 + sites which have no Extbase extensions installed are not affected. + Extbase extensions are affected if they use the Query Object Model + and relation values are user generated input. Credits go to Helmut + Hummel and Markus Opahle who discovered and reported the issue.

+

Access tracking mechanism - Failing to validate user provided + input, the access tracking mechanism allows redirects to arbitrary + URLs. To fix this vulnerability, we had to break existing + behaviour of TYPO3 sites that use the access tracking mechanism + (jumpurl feature) to transform links to external sites. The link + generation has been changed to include a hash that is checked + before redirecting to an external URL. This means that old links + that have been distributed (e.g. by a newsletter) will not work + any more.

+
+ +
+ + http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ + + + 2013-03-06 + 2013-03-06 + +
+ chromium -- multiple vulnerabilities
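
Review bot: The attribution line that opens the new entry's description reads "Typo Security Team reports:", while the topic and package name in the same entry use typo3 / TYPO3; it should name the TYPO3 Security Team so the quoted bulletin is credited to the right source. The references at the end of the entry appear to list only the bulletin URL; if CVE identifiers have been assigned for the Extbase SQL injection and the jumpurl redirect issue, add them as cvename references so the entry can be cross-matched with other advisories.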