[TYPO3] confusion about 'TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3'

Allan Jacobsen Allan.J at cobsen.dk
Thu Dec 21 22:01:34 CET 2006


Yes.

Best regards
Allan Jacobsen
On 21/12-2006, "Bing Du" <bdu at iastate.edu> wrote:

>Thanks for the response.  Yes, I read through the Changelog before I
>posted to the mailing list.   So can I say, if rtehtmlarea is updated to
>the latest version, typo3 4.0.4 can run safely even if safe_mode is
>disabled?
>
>Bing
>
>>
>> I am not on the security team, but if you read the changelog for 4.0.4 I
>> think you will see that it has the fix for the vulnerability.
>>
>> Best regards
>> Allan Jacobsen
>> On 21/12-2006, "Bing Du" <bdu at iastate.edu> wrote:
>>
>>>Hi,
>>>
>>>From my understanding of the affected versions and the problem
>>>description, TYPO3 default installation version 4.0 through 4.0.3, 4.1beta
>>>are vulnerable if safe_mode is off.
>>>
>>>But if typo3 V4.0.4 is used which is the latest, do I have to turn
>>>safe_mode on?
>>>
>>>I had trouble making ImageMagick work with typo3 4.0.4 in safe_mode even
>>>though I created necessary symlinks according to the installation and
>>>upgrade document.  See my previous post.
>>>
>>>I'd appreciate if anybody could shed some light on that.
>>>
>>>Thanks,
>>>
>>>Bing
>>>
>>>
>>>_______________________________________________
>>>TYPO3-english mailing list
>>>TYPO3-english at lists.netfielders.de
>>>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english

