File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="881282" tracker="bnc">VUL-0: CVE-2014-3941: typo3-cms-4_5, typo3-cms-4_7: unspecified impact via a crafted HTTP Host header</issue>
  <issue id="881281" tracker="bnc">VUL-0: CVE-2014-3942: typo3-cms-4_5, typo3-cms-4_7: Color Picker Wizard component RCE</issue>
  <issue id="881280" tracker="bnc">VUL-0: CVE-2014-3943: typo3-cms-4_5, typo3-cms-4_7: Multiple cross-site scripting (XSS) vulnerabilities</issue>
  <issue id="CVE-2014-3941" tracker="cve" />
  <issue id="CVE-2014-3942" tracker="cve" />
  <issue id="CVE-2014-3943" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>thomas-worm</packager>
  <description>typo3-cms-4_7 was updated to version 4.7.19 to fix eight security vulnerabilities and several other bugs.

These security problems were fixed:
* Add trusted HTTP_HOST configuration (CVE-2014-3941)
* XSS in (old) extension manager information function (CVE-2014-3943)
* XSS in new content element wizard (CVE-2014-3943)
* XSS in template tools on root page (CVE-2014-3943)
* XSS in Backend Layout Wizard (CVE-2014-3943)
* Encode URL for use in JavaScript (CVE-2014-3943)
* Fix insecure unserialize in colorpicker (CVE-2014-3942)
* Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943)
</description>
  <summary>typo3-cms-4_7: Update to 4.7.19 to fix eight security issues</summary>
</patchinfo>