[TYPO3-announce] [Ticket#2012123110000011] Vulnerabilities in third party TYPO3 extensions commerce and formhandler (late notification)
TYPO3 Security Team
security at typo3.org
Mon Dec 31 09:50:36 CET 2012
Dear TYPO3 users,
Due to internal misunderstandings, for the latests two extension bulletins no
notifications have been sent so far. This notification is about to catch up with
these bulletins. We apologize for any inconvenience this may cause.
Vulnerabilities have been found in the following third party TYPO3 extension:
commerce, formhandler
For further information on the issues in the extension formhandler, please read
the related advisory TYPO3-EXT-SA-2012-012 that was published on October 25:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-
2012-012/
For further information on the issues in the extension ameos_formidable, please
read the related advisory TYPO3-EXT-SA-2012-013 that was published on December 21:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-
2012-013/
In general, the TYPO3 Security Team recommends reading the following pages:
The TYPO3 Security Guide:
http://typo3.org/documentation/document-library/core-
documentation/doc_guide_security/current/
Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/
On behalf of the whole TYPO3 Security Team, I wish you all a Happy New Year!
Thank you for your understanding.
Regards,
Marcus Krause
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: http://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: When replying to this e-mail, please leave the header intact.
More information about the TYPO3-announce
mailing list