Package typo3_src: Information

    Source package: typo3_src
    Version: 4.2.17-alt0.M40.1
    Build time:  Dec 28, 2010, 05:56 PM
    Category: Networking/Other
    Report package bug
    License: GPL
    Summary: A free, feature rich, Content Management Framework/System
    Description: 
    TYPO3 is a free Open Source content management system for
    enterprise purposes on the web and in intranets. It offers full
    flexibility and extendability while featuring an accomplished set
    of ready-made interfaces, functions and modules.
    
    To find out more, see http://www.typo3.org | http://www.typo3.ru.
    
    You should install MySQL-server package or care of DBAL
    setup yourself.  It's also highly recommended to install some
    sort of PHP accelerator, like php-mmcache, php5-eaccelerator
    or php5-xcache.

    List of rpms provided by this srpm:
    typo3-apache (noarch)
    typo3-apache2 (noarch)
    typo3_src (noarch)

    Maintainer: Michael Shigorin

    List of contributors:
    Michael Shigorin


    Last changed


    Dec. 28, 2010 Michael Shigorin 4.2.17-alt0.M40.1
    - 4.2.17: regression fixes, see
      http://wiki.typo3.org/wiki/TYPO3_4.2.17
    Dec. 19, 2010 Michael Shigorin 4.2.16-alt0.M40.1
    - 4.2.16: major security fixes, see
      http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/
      + arbitrary code execution due to insufficient input validation
        in PHP file inclusion protection API
      + a few more less severe problems, see the link above
    Oct. 6, 2010 Michael Shigorin 4.2.15-alt0.M40.1
    - 4.2.15: critical security fixes, see
      http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
      + remote file disclosure (no auth required)
      + several XSS in backend (valid backend login required)
      + remote file disclosure in EM (valid backend admin login required)
      + privilege escalation possible for backend user having permission
        to create other backend users due to improper user input validation
      + DoS with php crash in t3lib_div::validEmail()
      + XSS protection incomplete in RemoveXSS()