[TYPO3] confusion about 'TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3'

Bing Du bdu at iastate.edu
Thu Dec 21 20:56:26 CET 2006


Thanks for the response.  Yes, I read through the Changelog before I
posted to the mailing list.   So can I say, if rtehtmlarea is updated to
the latest version, typo3 4.0.4 can run safely even if safe_mode is
disabled?

Bing

>
> I am not on the security team, but if you read the changelog for 4.0.4 I
> think you will see that it has the fix for the vulnerability.
>
> Best regards
> Allan Jacobsen
> On 21/12-2006, "Bing Du" <bdu at iastate.edu> wrote:
>
>>Hi,
>>
>>From my understanding of the affected versions and the problem
>>description, TYPO3 default installation version 4.0 through 4.0.3,
>>4.1beta are vulnerable if safe_mode is off.
>>
>>But if typo3 V4.0.4 is used which is the latest, do I have to turn
>>safe_mode on?
>>
>>I had trouble making ImageMagick work with typo3 4.0.4 in safe_mode even
>>though I created necessary symlinks according to the installation and
>>upgrade document.  See my previous post.
>>
>>I'd appreciate it if anybody could shed some light on that.
>>
>>Thanks,
>>
>>Bing
>>
>>
>>_______________________________________________
>>TYPO3-english mailing list
>>TYPO3-english at lists.netfielders.de
>>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english