[TYPO3] Typo3 version and rtehtmlarea in security bulletin 20061220-1

W van Bruggen w.van.bruggen at gmail.com
Wed Jan 24 20:48:55 CET 2007 

The fixes were made available for specific versions of typo3. Version
1.2.1 of htmlarea is the last release that doesn't rely on 4.0
features and should be used to fix the problem, as stated in the
security bulletin. Its not a core problem afaik and 3.8.1 was the last
release for the 3.8.* releases.

gr,
Wietse

On 1/24/07, Santiago Tejero <stejero at unav.es> wrote:
> Hello, Ben. Thanks for your quick answer.
>
> The reason for not upgrade to Typo3 4.0.x is that we have 53 installed
> extensions, some of them (about 10) developed under contract by a third
> company just for this site, and other with custom modifications for this
> site. So an upgrade would not be very straightforward.
>
> My question is if we are secure just updating to 1.2.1 version of
> rtehtmlarea on Typo3 3.8.1?
>
> Thanks in advance.
> Santiago Tejero
>
> ben van 't ende [netcreators] escribió:
>
> >Santiago Tejero wrote:
> >
> >
> >>Hello,
> >>
> >>We've a Typo3 3.8.1 installation and we're using rtehtmlarea 1.2.1. On
> >>the security bulletin "TYPO3-20061220-1: Remote Command Execution in
> >>TYPO3" about the vulnerability of rtehtmlarea 1.2.0 + aspell
> >>    http://typo3.org/teams/security/security-bulletins/typo3-20061220-1/
> >>in the solution page it says on one of the points:
> >>    "A) Update your TYPO3 core system to the latest version"
> >>
> >>Does this means that we need to update our Typo 3.8.1 to Typo 4.0.x or
> >>we're fine with our upgraded rtehtmlarea 1.2.1 on Typo3 3.8.1?
> >>
> >>
> >
> >
> >Hi Santiago,
> >
> >There is a list somewhere! I guess you can find that from the news bulletin. You
> >could just as easily upgrade to TYPO3 4.0.4, which will give you additional
> >features as well.
> >
> >Any reason why you do not upgrade TYPO3?
> >
> >gRTz
> >
> >ben
> >
> >
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>

More information about the TYPO3-english mailing list