Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users. The old stable distribution (sarge) doesn't contain typo3-src. For the stable distribution (etch), this problem has been fixed in version 4.0.2+debian-4. For the unstable distribution (sid) and for the testing distribution (lenny), this problem has been fixed in version 4.1.5-1. We recommend that you upgrade your typo3-src packages.
Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
The old stable distribution (sarge) doesn't contain typo3-src.
For the stable distribution (etch), this problem has been fixed in version 4.0.2+debian-4.
For the unstable distribution (sid) and for the testing distribution (lenny), this problem has been fixed in version 4.1.5-1.
We recommend that you upgrade your typo3-src packages.
MD5 checksums of the listed files are available in the original advisory.