[TYPO3-english] mm_forum security update does have the changes
Christopher Lörken
lists at bytro.com
Tue Mar 16 20:12:20 CET 2010
I am sorry for any trouble I may have caused, I've contacted the
security team and I did indeed overlook the changes.
Please disregard these posts.
Sorry,
Christopher
Am 16.03.2010 17:32, schrieb Christopher Lörken:
> Hi,
>
> as announced in today's typo3-announce mail [1] and security advisory
> [2], the mm_forum extension shows cross site scripting vulnerabilities.
>
> Since we have adjusted parts of the code I will have to look at the
> changes and merge them into our version. I've downloaded the brand new
> t3x file for version 1.8.3 from the extension repository and compared it
> against the SVN snapshot of the previous 1.8.2. But: I found no changes...
>
> The forge SVN does not yet contain a 1.8.3 tag, the current trunk
> version shows no commits regarding critical security fixes and since the
> current t3x file is exactly the same as that of version 1.8.2, I'd
> really like to know what are the changes and what are the
> vulnerabilities...?
>
>
> Does anyone have more information?
>
> Thanks in advance and best wishes,
> Christopher
>
>
> ----
> [1] http://lists.typo3.org/pipermail/typo3-announce/2010/000149.html
> [2] http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/
More information about the TYPO3-english
mailing list