Russian TYPO3 community - Показать сообщение отдельно - [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe

Может стоит создать раздел на форуме типа "Безопасность" и перечислять уязвимости?

Пришло по рассылке

----- Forwarded message from Michael Hirdes <dodger/typo3.org> -----

Date: Tue, 10 Oct 2006 15:43:07 +0200
From: Michael Hirdes <dodger/typo3.org>
To: typo3-announce/lists.netfielders.de
Subject: [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc

Dear users of TYPO3,

A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc

The "backURL" parameter is not escaped correctly. A prepared URL could potentially contain some unwanted JavaScript code.

A patched Version has been released under [1]

The upcoming release 4.0.3 of TYPO3 will contain this patch.

Please see [1] for instruction how to patch your installations.

Also the TYPO33 Security Cookbook has been released under [2] please have a look at this.

on behalf of the Security Team,
Michael Hirdes

[1] http://typo3.org/teams/security/secu...o3-20061010-1/
[2] http://typo3.org/teams/security/

--
TYPO3 Security Team
http://typo3.org/teams/security
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.netfielders.de
http://lists.netfielders.de/cgi-bin/...typo3-announce

----- End forwarded message -----

--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/ _______________________________________________
TYPO3-russia mailing list
TYPO3-russia@lists.netfielders.de
http://lists.netfielders.de/cgi-bin/...o/typo3-russia

12.10.2006, 05:46	#1
Дылгеров Ц.В. Senior Member Регистрация: 14.11.2005 Адрес: Улан-Удэ Сообщений: 158	[TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc Может стоит создать раздел на форуме типа "Безопасность" и перечислять уязвимости? Пришло по рассылке ----- Forwarded message from Michael Hirdes <dodger/typo3.org> ----- Date: Tue, 10 Oct 2006 15:43:07 +0200 From: Michael Hirdes <dodger/typo3.org> To: typo3-announce/lists.netfielders.de Subject: [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc Dear users of TYPO3, A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc The "backURL" parameter is not escaped correctly. A prepared URL could potentially contain some unwanted JavaScript code. A patched Version has been released under [1] The upcoming release 4.0.3 of TYPO3 will contain this patch. Please see [1] for instruction how to patch your installations. Also the TYPO33 Security Cookbook has been released under [2] please have a look at this. on behalf of the Security Team, Michael Hirdes [1] http://typo3.org/teams/security/secu...o3-20061010-1/ [2] http://typo3.org/teams/security/ -- TYPO3 Security Team http://typo3.org/teams/security _______________________________________________ TYPO3-announce mailing list TYPO3-announce/lists.netfielders.de http://lists.netfielders.de/cgi-bin/...typo3-announce ----- End forwarded message ----- -- ---- WBR, Michael Shigorin <mike@altlinux.ru> ------ Linux.Kiev http://www.linux.kiev.ua/ _______________________________________________ TYPO3-russia mailing list TYPO3-russia@lists.netfielders.de http://lists.netfielders.de/cgi-bin/...o/typo3-russia