TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities. CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values. CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection. Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that. For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze8. For the testing distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5. For the unstable distribution (sid), these problems have been fixed in version 4.5.19+dfsg1-5. We recommend that you upgrade your typo3-src packages.
TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.
Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values.
Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection.
Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that.
For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze8.
For the testing distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5.
For the unstable distribution (sid), these problems have been fixed in version 4.5.19+dfsg1-5.
We recommend that you upgrade your typo3-src packages.