----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Debian update for typo3-src

SECUNIA ADVISORY ID:
SA33871

VERIFY ADVISORY:
http://secunia.com/advisories/33871/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Exposure of system information, Exposure of
sensitive information

WHERE:
>From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for typo3-src. This fixes some
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and disclose sensitive
information.

For more information:
SA33829

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-8.dsc
Size/MD5 checksum: 618 8a7ebb8edf133224fc8c552c12b6cb3d
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-8.diff.gz
Size/MD5 checksum: 24943 588b00a669ba0db62551749d9379a0ce
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
Size/MD5 checksum: 7683527 be509391b0e4d24278c14100c09dc673

Architecture independent components:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-8_all.deb
Size/MD5 checksum: 7677310 456187cb35360f2f9b35ab54fb8d6db5
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-8_all.deb
Size/MD5 checksum: 77252 87ceec7498d3df3436dc0a663088d2b6

-- Debian GNU/Linux unstable alias sid --

Fixed in version 4.2.6-1.

ORIGINAL ADVISORY:
DSA-1720-1:
http://lists.debian.org/debian-security-announce/2009/msg00029.html

OTHER REFERENCES:
SA33829:
http://secunia.com/advisories/33829/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------