[typo3-src] [CVE-2007-6381] SQL injection vulnerability

Bug #180300 reported by disabled.user
Affects              Status         Importance   Assigned to     Milestone
typo3-src (Debian)   Fix Released   Unknown
typo3-src (Ubuntu)   Fix Released   High         William Grant
Dapper               Won't Fix      Undecided    Unassigned
Edgy                 Won't Fix      Undecided    Unassigned
Feisty               Won't Fix      Undecided    Unassigned
Gutsy                Won't Fix      Undecided    Unassigned
Hardy                Fix Released   High         William Grant

Bug Description

References:
DSA-1439-1 (http://www.debian.org/security/2007/dsa-1439)

Quoting:
"Henning Pingel discovered that TYPO3, a web content management framework,
performs insufficient input sanitising, making it vulnerable to SQL
injection by logged-in backend users."

CVE References

Changed in typo3-src:
status: Unknown → Fix Released
William Grant (wgrant)
Changed in typo3-src:
assignee: nobody → fujitsu
importance: Undecided → High
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package typo3-src - 4.1.2+debian-1ubuntu1

---------------
typo3-src (4.1.2+debian-1ubuntu1) hardy; urgency=low

  * SECURITY UPDATE: arbitrary SQL injection. (LP: #180300)
    - debian/patches/03_CVE-2007-6381.dpatch: Ensure that the page ID is in
      fact an integer. Patch from Debian.
    - References:
      + CVE-2007-6381

 -- William Grant <email address hidden> Sat, 29 Mar 2008 23:48:31 +1100

Changed in typo3-src:
status: Triaged → Fix Released
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in typo3-src:
status: New → Won't Fix
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in typo3-src:
status: New → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in typo3-src (Ubuntu Gutsy):
status: New → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in typo3-src (Ubuntu Dapper):
status: New → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.