[TYPO3-UG-Muenster] [Fwd: [TYPO3-announce] Security issues in TYPO3 extension Commerce and several other third party extensions]

Martin Bless m.bless at gmx.de
Mon Oct 20 09:22:00 CEST 2008 

Wir hatten beim letzten Treffen ja verschärft das Thema Sicherheit auf
der Tagesordnung. Für alle, die die Announcement List noch nicht
abonniert haben, leite ich eine aktuelle Mail mal hier weiter. Dann die
Liste, wie darin beschrieben, abonnieren!

LG Martin


-------- Original-Nachricht --------
Betreff: 	[TYPO3-announce] Security issues in TYPO3 extension Commerce
and several other third party extensions
Datum: 	Mon, 20 Oct 2008 08:21:28 +0200
Von: 	Henning Pingel <henning at typo3.org>
Antwort an: 	TYPO3 Announcement List, readonly
<typo3-announce at lists.netfielders.de>
An: 	typo3-announce at lists.netfielders.de



Dear users of TYPO3,

Security issues have been discovered in the following third party TYPO3
extensions:

Commerce (commerce),
JobControl (dmmjobcontrol),
Econda Plugin (econda),
Frontend Users View (feusersview),
Mannschaftsliste (kiddog_playerlist),
M1 Intern (m1_intern),
Simple survey (simplesurvey),
Page Improvements (sm_pageimprovements)

For further information, please read the following bulletins:

TYPO3 Collective Security Bulletin TYPO3-20081020-1: Several
vulnerabilities in third party extensions:
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/>

TYPO3 Security Bulletin TYPO3-20081020-2: SQL Injection in extension
Commerce (commerce):
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/>

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins/>

Regards,

Henning Pingel
henning at typo3.org

_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce




-- 
Mit freundlichen Grüßen

Martin Bless
mailto:m.bless at gmx.de
http://team-mensch-und-computer.de
+49 (251) 987 9040
+49 (251) 987 9041 Fax
Vivaldistr. 13
48147 Münster
USt-IdNr.: DE251380138

More information about the TYPO3-UG-Muenster mailing list