LWN.net

typo3-src: multiple vulnerabilities

Package(s): typo3-src
CVE #(s): CVE-2013-1842 CVE-2013-1843
Created: March 18, 2013
Updated: March 21, 2013
Description: From the Debian advisory:

CVE-2013-1842: Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputting crafted relation values.

CVE-2013-1843: Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection.

See the upstream advisory for additional information.

Alerts:
Debian DSA-2646-1 2013-03-15
openSUSE openSUSE-SU-2013:0510-1 2013-03-21


Copyright © 2013, Eklektix, Inc.