ports/131156: vuxml update for security vulnerability: ports:www/typo3.

Thomas Sandford freebsd-user at paradisegreen.co.uk
Fri Jan 30 12:20:07 UTC 2009 

>Number:         131156
>Category:       ports
>Synopsis:       vuxml update for security vulnerability: ports:www/typo3.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 30 12:20:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Sandford
>Release:        FreeBSD 7.0-RELEASE-p6 i386
>Organization:
>Environment:
System: FreeBSD miriam.paradisegreen.co.uk 7.0-RELEASE-p6 FreeBSD 7.0-RELEASE-p6 #0: Mon Nov 24 06:43:33 UTC 2008 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

>Description:
	vuxml for vendor security report for TYPO3

--- vuln.xml.patch1 begins here ---
--- vuln.xml.old	2009-01-30 11:46:07.000000000 +0000
+++ vuln.xml	2009-01-30 11:48:27.000000000 +0000
@@ -34,6 +34,38 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+   <vuln vid="4c93cea7-0366-4e04-a870-e542b634c7df">
+     <topic>typo3 -- Multiple vulnerabilities in TYPO3 Core </topic>
+     <affects>
+       <package>
+         <name>typo3</name>
+         <range><lt>4.2.4</lt></range>
+       </package>
+     </affects>
+     <description>
+       <body xmlns="http://www.w3.org/1999/xhtml">
+         <p>Vendor reports:</p>
+         <blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001">
+           <p>Broken Authentication and Session Management Cross-Site Scripting Insecure Randomness and Remote Command Execution.
+
+Overall severity: High</p>
+         </blockquote>
+       </body>
+     </description>
+     <references>
+      <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001</url>
+      <cvename>CVE-2009-0255</cvename>
+      <cvename>CVE-2009-0256</cvename>
+      <cvename>CVE-2009-0257</cvename>
+      <cvename>CVE-2009-0258</cvename>
+      <bid>33376</bid>
+     </references>
+     <dates>
+       <discovery>2009-01-20</discovery>
+       <entry>2009-01-30</entry>
+     </dates>
+   </vuln>
+
   <vuln vid="6a523dba-eeab-11dd-ab4f-0030843d3802">
     <topic>moinmoin -- multiple cross site scripting vulnerabilities</topic>
     <affects>
--- vuln.xml.patch1 ends here ---


>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list