Date:      Fri, 14 Dec 2018 11:57:19 +0000 (UTC)
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r487425 - head/security/vuxml
Message-ID:  <201812141157.wBEBvJvS010416@repo.freebsd.org>

Author: joneum
Date: Fri Dec 14 11:57:19 2018
New Revision: 487425
URL: https://svnweb.freebsd.org/changeset/ports/487425

Log:
  Add entry for typo3-8 and typo3-9
  
  PR:		233935 233936
  Sponsored by:	Netzkommune GmbH

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Dec 14 11:28:43 2018	(r487424)
+++ head/security/vuxml/vuln.xml	Fri Dec 14 11:57:19 2018	(r487425)
@@ -58,6 +58,68 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="bab29816-ff93-11e8-b05b-00e04c1ea73d">
+    <topic>typo3 -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>typo3-8</name>
+	<range><lt>8.7.21</lt></range>
+      </package>
+      <package>
+	<name>typo3-9</name>
+	<range><lt>9.5.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Typo3 core team reports:</p>
+	<blockquote cite="https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/">;
+	  <p>CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr.
+	    The vulnerability stemmed from the fact that it was possible to execute XSS inside
+	    the CKEditor source area after persuading the victim to: (i) switch CKEditor to
+	    source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker,
+	    into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
+	    Although this is an unlikely scenario, we recommend to upgrade to the latest editor version.</p>
+	  <p>Failing to properly encode user input, online media asset rendering
+	    (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user
+	    account or write access on the server system (e.g. SFTP) is needed in order to exploit this
+	    vulnerability.</p>
+	  <p>Failing to properly encode user input, notifications shown in modal windows in the TYPO3
+	    backend are vulnerable to cross-site scripting. A valid backend user account is needed in
+	    order to exploit this vulnerability.</p>
+	  <p>Failing to properly encode user input, login status display is vulnerable to cross-site
+	    scripting in the website frontend. A valid user account is needed in order to exploit this
+	    vulnerability - either a backend user or a frontend user having the possibility to modify
+	    their user profile.
+	    Template patterns that are affected are:
+	    ###FEUSER_[fieldName]### using system extension felogin
+	    <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually
+	    using TypoScript setting config.USERNAME_substToken)</p>
+	  <p>It has been discovered that cookies created in the Install Tool are not hardened to be
+	    submitted only via HTTP. In combination with other vulnerabilities such as cross-site
+	    scripting it can lead to hijacking an active and valid session in the Install Tool.</p>
+	  <p>The Install Tool exposes the current TYPO3 version number to non-authenticated users.</p>
+	  <p>Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable
+	    to denial of service. Putting large files with according file extensions results in high
+	    consumption of system resources. This can lead to exceeding limits of the current PHP process
+	    which results in a dysfunctional backend component. A valid backend user account or write
+	    access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.</p>
+	  <p>TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs
+	    URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous
+	    user sessions are valid, attackers can use this vulnerability in order to create  an arbitrary
+	    amount of individual session-data records in the database.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/</url>;
+    </references>
+    <dates>
+      <discovery>2018-12-11</discovery>
+      <entry>2018-12-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="757e6ee8-ff91-11e8-a148-001b217b3468">
     <topic>Gitlab -- Arbitrary File read in GitLab project import with Git LFS</topic>
     <affects>
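Review bot: the `<!--###USERNAME###-->` token in the list of affected template patterns is parsed as an XML comment inside the XHTML body, so the file still validates but the pattern name is silently dropped from the rendered description and the entry reads as if only the felogin `###FEUSER_[fieldName]###` pattern were involved. Escape it as `&lt;!--###USERNAME###--&gt;` so the literal text survives; since the `<p>` collapses whitespace, the two patterns also run together in the rendered text, so putting them in a short list or separating them with a sentence would keep the upstream advisory's structure.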


