[TYPO3-english] Overview of extensions with security issues?
Marcus Krause
marcus#exp2010 at t3sec.info
Sat Nov 6 22:11:07 CET 2010
Hi!
Marcus Krause schrieb am 11/06/2010 07:17 PM Uhr:
> Marcus Krause schrieb am 11/06/2010 06:56 PM Uhr:
>> Hi!
>>
>> J. Schaller schrieb am 11/06/2010 06:48 PM Uhr:
>>> On Sat, 06 Nov 2010 18:30:02 +0100, Steffen Gebert
>>> The reason I come up with this is that I checked via backend for the
>>> availabilty of certain extensions which would enhace comments and
>>> installed an old version 0.1 of an extension that was flagged as
>>> insecure as of 0.2 which I later found out. Of course, that newer
>>> extension is not available via the EM, and if I'd known that I
>>> wouldn't have bothered with the old version either.
>
> Answering myself as Jörg has contacted me:
> The extension in question is "commentsbe", the version numbers are 0.0.1
> and 0.0.2 and both versions were and are marked as insecure
> (TYPO3-SA-2010-018).
>
> This is what I assumed.
And there's additionally a version 0.1.0 that contains the extension
maintainer's security fix and such is of course available for download.
So everything is fine and OP simply mixed up version numbers.
Marcus.
More information about the TYPO3-english
mailing list