[TYPO3] confustion about 'TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3'
Allan Jacobsen
Allan.J at cobsen.dk
Thu Dec 21 20:28:47 CET 2006
I am not on the security team, but if you read the changelog for 4.0.4 i
think you will see that it has the fix for the vulnerability.
Best regards
Allan Jacobsen
Den 21/12-2006, skrev "Bing Du" <bdu at iastate.edu>:
>Hi,
>
>From my understanding of the affected versions and the problem
>description, TYPO3 default installation version 4.0 through 4.0.3, 4.1beta
>are vulnerable if safe_mode is off.
>
>But if typo3 V4.0.4 is used which is the latest, do I have to turn
>safe_mode on?
>
>I had trouble making ImageMagick work with typo3 4.0.4 in safe_mode even
>though I created necessary symlinks according the installation and upgrade
>document. See my previous post.
>
>I'd appreciate if anybody could shed some light on that.
>
>Thanks,
>
>Bing
>
>
>_______________________________________________
>TYPO3-english mailing list
>TYPO3-english at lists.netfielders.de
>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
More information about the TYPO3-english
mailing list