[TYPO3] Typo3 version and rtehtmlarea in security bulletin 20061220-1

Santiago Tejero stejero at unav.es
Thu Jan 25 10:48:03 CET 2007 

Hello, Wietse:

Thanks for your quick answer that solves my doubt.
I see I can fix the bug with Typo3 3.8.1 and rtehtmlarea 1.2.1, and that 
it is not necessary to install 4.0.*

Santiago Tejero.

W van Bruggen escribió:

>The fixes were made available for specific versions of typo3. Version
>1.2.1 of htmlarea is the last release that doesn't rely on 4.0
>features and should be used to fix the problem, as stated in the
>security bulletin. Its not a core problem afaik and 3.8.1 was the last
>release for the 3.8.* releases.
>
>gr,
>Wietse
>
>On 1/24/07, Santiago Tejero <stejero at unav.es> wrote:
>  
>
>>Hello, Ben. Thanks for your quick answer.
>>
>>The reason for not upgrade to Typo3 4.0.x is that we have 53 installed
>>extensions, some of them (about 10) developed under contract by a third
>>company just for this site, and other with custom modifications for this
>>site. So an upgrade would not be very straightforward.
>>
>>My question is if we are secure just updating to 1.2.1 version of
>>rtehtmlarea on Typo3 3.8.1?
>>
>>Thanks in advance.
>>Santiago Tejero
>>
>>ben van 't ende [netcreators] escribió:
>>
>>    
>>
>>>Santiago Tejero wrote:
>>>
>>>
>>>      
>>>
>>>>Hello,
>>>>
>>>>We've a Typo3 3.8.1 installation and we're using rtehtmlarea 1.2.1. On
>>>>the security bulletin "TYPO3-20061220-1: Remote Command Execution in
>>>>TYPO3" about the vulnerability of rtehtmlarea 1.2.0 + aspell
>>>>   http://typo3.org/teams/security/security-bulletins/typo3-20061220-1/
>>>>in the solution page it says on one of the points:
>>>>   "A) Update your TYPO3 core system to the latest version"
>>>>
>>>>Does this means that we need to update our Typo 3.8.1 to Typo 4.0.x or
>>>>we're fine with our upgraded rtehtmlarea 1.2.1 on Typo3 3.8.1?
>>>>
>>>>
>>>>        
>>>>
>>>Hi Santiago,
>>>
>>>There is a list somewhere! I guess you can find that from the news bulletin. You
>>>could just as easily upgrade to TYPO3 4.0.4, which will give you additional
>>>features as well.
>>>
>>>Any reason why you do not upgrade TYPO3?
>>>
>>>gRTz
>>>
>>>ben
>>>
>>>
>>>      
>>>
>>_______________________________________________
>>TYPO3-english mailing list
>>TYPO3-english at lists.netfielders.de
>>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>>
>>    
>>
>_______________________________________________
>TYPO3-english mailing list
>TYPO3-english at lists.netfielders.de
>http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
>
>  
>

More information about the TYPO3-english mailing list