[Secure-testing-commits] r35659 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Jul 23 20:19:55 UTC 2015
Author: jmm
Date: 2015-07-23 20:19:55 +0000 (Thu, 23 Jul 2015)
New Revision: 35659
Modified:
data/CVE/list
Log:
typo EOL, also removed removal in next oldstable point update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-23 20:17:18 UTC (rev 35658)
+++ data/CVE/list 2015-07-23 20:19:55 UTC (rev 35659)
@@ -13243,6 +13243,7 @@
- linux-2.6 <removed>
CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]
- typo3-src 4.5.40+dfsg1-1 (bug #766502)
+ [wheezy] - typo3-src <end-of-life> (See DSA 3314)
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
CVE-2014-XXXX [Kodi Cross-Site Request Forgery]
@@ -14938,13 +14939,13 @@
NOT-FOR-US: TP-Link TL-WR840N router
CVE-2014-9509 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
- typo3-src <removed>
- [wheezy] - typo3-src <no-dsa> (Can be worked around by configuration knobs)
+ [wheezy] - typo3-src <end-of-life> (See DSA 3314)
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
NOTE: Solution is to remove he configuration options config.prefixLocalAnchors
NOTE: (and optionally also config.baseUrl) in favor of config.absRefPrefix
CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
- typo3-src 4.5.40+dfsg1-1 (bug #775105)
- [wheezy] - typo3-src <no-dsa> (Can be worked around by configuration knobs)
+ [wheezy] - typo3-src <end-of-life> (See DSA 3314)
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://review.typo3.org/#/c/35222/
NOTE: https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96
More information about the Secure-testing-commits
mailing list