Hi,

please unblock typo3-dummy 4.2.4-1, it fixes an (at least) important bug.

typo3-dummy (4.2.4-1) unstable; urgency=high
 .
  * New upstream release.
  * Added /usr/share/javascript/prototype/, /usr/share/javascript/scriptaculous/ to open_basedir in apache.conf. (Closes: 512624)
  * Changed sendmail_path in apache.conf to include parameters "-t -i" (Closes: 512626)

the debdiff to 4.2.3-1:

 apache.conf | 8 ++++----
 changelog | 10 ++++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

Please also unblock typo3-src 4.2.4-1, it fixes five security issues (considered RC). This is also a new upstream version, but it's a maintenance release, fixing several other (mostly trivial) bugs as well.

The debdiff is quite big, but most of it is due to the changelog (500 lines, they are pretty verbose) and to the removal of the adodb backend driver and related documentation. (If you prefer, I could provide a cleaned debdiff.) The debdiff has been reviewed by the maintainer, Christian and me (his sponsor) and has been considered sane.

If you prefer that we backport the security fixes only, we will sigh and do it. But I believe for further security support in lenny's lifetime it's easier if we can base it on this version. I guess it will also result in happier users ;-)

typo3-src (4.2.4-1) unstable; urgency=high
 .
  * New upstream release.
    - fixes TYPO3 Security Bulletin TYPO3-SA-2009-001: Multiple vulnerabilities in TYPO3 Core (Closes: 512608)
  * Updated package description.
  * Updated copyright file to list the license of two icons.

2009-01-20 Ingo Renner <ingo@typo3.org>

  * Release of TYPO3 4.2.4

2009-01-20 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9774: Incorrect validation of allowed classes in RTE transformation

2009-01-20 Ingmar Schlecht <ingmar@typo3.org>

  * Fixed bug #10186: Time shifting (again) in datetime fields (followup to Bug#8746; thanks to Ernesto Baschny)
  * Fixed bug #10146: Session fixation vulnerability in user authentication (thanks to the TYPO3 Security Team and especially Marcus Krause)
  * Fixed bug #10159: XSS vulnerability in workspace module (thanks to the TYPO3 Security Team and especially Marcus Krause)

2009-01-20 Ingo Renner <ingo@typo3.org>

  * Added missing license statement for using the "Silk" icon set of Mark James according to Creative Commons Attribution 2.5
  * Fixed bug #10134: XSS vulnerability in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
  * Fixed bug #10133: Command execution in sysext indexed_search (thanks to the TYPO3 Security Team and especially Marcus Krause)
  * Fixed bug #10154: Weak encryption key generation vulnerability in sysext install (thanks to the TYPO3 Security Team, and especially Marcus Krause)
  * Fixed bug #9705: Moving page in WS will hide it from editors due to missing access settings of placeholder (thanks to Franz-Xaver Koch and Michael Stucki)

2009-01-19 Stanislas Rolland <typo3@sjbr.ca>

  * Fixed bug #9935: htmlArea RTE: enableWordClean on paste does not work when hidden button is not in toolbar

2009-01-19 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #10183: [felogin] redirect doesn't work with return_url

2009-01-18 Francois Suter <francois@typo3.org>

  * Cleanup #10125: Replace deprecated function calls in sysext indexed_search (thanks to Markus Krause)

2009-01-17 Oliver Hader <oliver@typo3.org>

  * Fixed bug #7677: Constants are not correctly substituted on some PHP5 distributions

2009-01-16 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9307: Remove an obsolete check for disable_exec_function in filelist
  * Fixed bug #10157: t3lib/config_default.php textfile_ext should be updated to include xml and other text types

2009-01-15 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #10057: hide/unhide page causes error when done via the context menu
  * Fixed bug #10158: change of url only (com => org)
  * Fixed bug #8787: titles length in list module (thanks to Stefano Cecere)

2009-01-14 Stanislas Rolland <typo3@sjbr.ca>

  * Fixed bug #10140: htmlArea RTE: Alignment of td's and th's in out-of-the-box installation

2009-01-14 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #10143 spamProtectEmailAddresses_atSubst does not work correctly if linktext contains email address with uppercase charachters (thanks to Helmut Hummel)

2009-01-14 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #10116: Remove/protect adodb testfiles (thanks to Marcus Krause)

2009-01-13 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #10109: Google reports duplicate title tag
  * Fixed bug #10120: Add .buildpath to svn:ignore

2009-01-12 Oliver Hader <oliver@typo3.org>

  * Fixed bug #8991: IRRE - Sorting icons of inline records are in wrong order

2009-01-11 Oliver Hader <oliver@typo3.org>

  * Fixed bug #5630: Install tool removes dots from admin usernames (thanks to Stefano Kowalke)
  * Fixed bug #10090: Hanging record sets in t3lib_TCEmain

2009-01-11 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9825: Copy / Cut icons don't respect t3skin: drag'n'drop in pagetree (credits to Susanne Moog)

2009-01-09 Oliver Hader <oliver@typo3.org>

  * Fixed bug #10083: Constant styles.content.imgtext.separateRows is not defined

2009-01-08 Stanislas Rolland <typo3@sjbr.ca>

  * Fixed bug #9596: htmlArea RTE does not work in IRRE subelements

2009-01-08 Oliver Hader <oliver@typo3.org>

  * Fixed bug #9893: Syntax error in TCA types definitions of tt_content

2009-01-08 Benjamin Mack <benni@typo3.org>

  * Fixed bug #9194: Bug: wrong handling of 'is_in' list in TCA element type 'input' (Thanks to Vladimir Podkovanov)

2009-01-07 Francois Suter <francois@typo3.org>

  * Fixed bug #10075: Rootline cache does not work in multilingual websites

2009-01-05 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #10055: Add contrib directory to list of allowed paths (thanks to Dan Osipov)
  * Fixed bug Fixed bug #9506: label uid shows not working
  * Fixed bug #10056: Misspelling english word "guesbooks"

2009-01-03 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #10047: typo3/contrib is not prefixed with config.absRefPrefix

2009-01-01 Benjamin Mack <benni@typo3.org>

  * Fixed bug #8361: Stage change notification emails not send when publishing from Live workspace (Thanks to Andreas Wolf)

2008-12-30 Francois Suter <francois@typo3.org>

  * Fixed bug #10035: Function index not up to date in class t3lib_div

2008-12-29 Ernesto Baschny <ernst@cron-it.de>

  * Fixed bug #8746: Date/time field problem with timezone shifting when using the "+NN", "d" or "d+NN" shortcuts
  * Fixed bug #10033: Date/time field shortcut "d" doesn't work on already filled date fields since 4.2.0
  * Fixed issue that on a datetime field entering just a "date" wasn't possible: It is now, and time will be set to "0:00"

2008-12-29 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9773: Fallback for skinImg having forceFileExtension
  * Fixed bug #8205: Shortcut ends in parse_url-error
  * Fixed bug #10022: Pagecontent/Hidden has no effect

2008-12-25 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #10012: TYPO3 generates incorrect ETag

2008-12-24 Francois Suter <francois@typo3.org>

  * Fixed bug #9948: Label rm.clearCache_pages was abusively removed from core lang file

2008-12-23 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #9999: Setting [BE][compressionLevel]=true causes problems

2008-12-23 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9810: ClearCacheMenu doesn't work when click on icon

2008-12-22 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9977: Extensions class.ext_update.php scripts are executed even when extension isn't loaded

2008-12-20 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #8952: Flags are missing
  * Fixed bug #8525: added Korean flag

2008-12-18 Stanislas Rolland <typo3@sjbr.ca>

  * Fixed bug #9772: t3lib_parsehtml_proc does not provide Page TSConfig to user-defined RTE transformations

2008-12-18 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #7265: Submodules of Web module can't work with mod.php and the _DISPATCH system

2008-12-18 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #9947: gzip compression does not work in BE at all
  * Fixed bug #9741: wrong anchor links with absRefPrefix option enabled (tanks to Stefan Galinski)

2008-12-18 Ernesto Baschny <ernst@cron-it.de>

  * Fixed bug #9511: getHtmlTemplate should use resolveBackPath. Fixes bug for extension BE modules using templates in certain environments (symlinked typo3/ dir) (thanks to Steffen Gebert)

2008-12-10 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9836: RTE TSconfig lost when uploading files or creating folders

2008-12-09 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9915: Typing error in tslib_content ($gifCreateor => $gifCreator)

2008-12-08 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9890: sectionIndex in Menu doesn't work

2008-12-03 Martin Kutschker <masi@typo3.org>

  * Fixed bug #6415: preg_replace error on PHP 5.2 sometimes resulting in empty pages (thanks to Francois Suter)

2008-12-02 Stanislas Rolland <typo3@sjbr.ca>

  * Updated htmlArea RTE version to 1.7.8 for TYPO3 4.2.4
  * Fixed bug #9878: htmlArea RTE: js error may be raised when loading through IRRE Ajax call

2008-12-01 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #9790: class.gzip_encode.php fails with open_basedir restrictions

2008-12-01 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9864: felogin: Drop languages from locallang.xml

2008-11-29 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9862: missing class for checkbox in t3editor

2008-11-27 Dmitry Dulepov <dmitry.dulepov@gmail.com>

  * Fixed bug #8944: PHP-Error in class.em_index.php on line 4333

2008-11-25 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #8561: Checkboxes and labels are aligned badly if in one line
  * Fixed bug #9725: double enquote in t3lib_htmlmail of returnPath

2008-11-24 Dmitry Dulepov <dmitry@typo3.org>

  * Fixed bug #9806: Mountpoints do not work across domain boundaries

2008-11-22 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #9798: Don't show fe_users password in page module

2008-11-13 Steffen Kamper <info@sk-typo3.de>

  * Fixed bug #8903: redirect url is not passed with get/post method

2008-11-12 Stanislas Rolland <typo3@sjbr.ca>

  * Fixed bug #9755: Incorrect initialization sequence in class browse_links

regards,
Holger