1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-15 03:14:23 +00:00
freebsd-ports/www/typo3/distinfo
Martin Wilke dc0e0ced8d - Update to 4.2.6
Security update:
An Information Disclosure vulnerability in jumpUrl mechanism,
used to track access on web pages and provided files, allows
a remote attacker to read arbitrary files on a host.

The expected value of a mandatory hash secret, intended to
invalidate such requests, is exposed to remote users allowing
them to bypass access control by providing the correct value.

There's no authentication required to exploit this vulnerability.
The vulnerability allows to read any file, the web server user account
has access to.

With hat:	secteam
Security:	http://www.vuxml.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html
2009-02-11 10:33:34 +00:00

7 lines
391 B
Plaintext

MD5 (typo3_src-4.2.6.tar.gz) = eb6f557a2970105a6a659d0ef1a92cec
SHA256 (typo3_src-4.2.6.tar.gz) = b8a47954cf39522b20352ee97c74b173eed50520293f2214d7c72af6782689c8
SIZE (typo3_src-4.2.6.tar.gz) = 8147681
MD5 (dummy-4.2.6.tar.gz) = 9e4a7c2ba8ea6ab540c564dd9daacd63
SHA256 (dummy-4.2.6.tar.gz) = 586e409f25d93c12d245f0f4ead919197abfb7df97455351d3790425f7b752fd
SIZE (dummy-4.2.6.tar.gz) = 9425