Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:2862
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo> <issue id="881282" tracker="bnc">VUL-0: CVE-2014-3941: typo3-cms-4_5, typo3-cms-4_7: unspecified impact via a crafted HTTP Host header</issue> <issue id="881281" tracker="bnc">VUL-0: CVE-2014-3942: typo3-cms-4_5, typo3-cms-4_7: Color Picker Wizard component RCE</issue> <issue id="881280" tracker="bnc">VUL-0: CVE-2014-3943: typo3-cms-4_5, typo3-cms-4_7: Multiple cross-site scripting (XSS) vulnerabilities</issue> <issue id="CVE-2014-3941" tracker="cve" /> <issue id="CVE-2014-3942" tracker="cve" /> <issue id="CVE-2014-3943" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>thomas-worm</packager> <description>typo3-cms-4_5 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems where fixed: * Add trusted HTTP_HOST configuration (CVE-2014-3941) * XSS in (old) extension manager information function (CVE-2014-3943) * XSS in new content element wizard (CVE-2014-3943) * XSS in template tools on root page (CVE-2014-3943) * XSS in Backend Layout Wizard (CVE-2014-3943) * Encode URL for use in JavaScript (CVE-2014-3943) * Fix insecure unserialize in colorpicker (CVE-2014-3942) * Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943) </description> <summary>typo3-cms-4_5: Update to 4.5.34 to fix eight security issues</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor