[TYPO3-english] mm_forum security update shows now changes against previous version?
David Bruchmann
typo3-en at bruchmann-web.de
Tue Mar 16 17:55:14 CET 2010
Von: Christopher Lörken <lists at bytro.com>
Gesendet: Dienstag, 16. März 2010 17:32:31
Hi,
>
> as announced in today's typo3-announce mail [1] and security advisory
> [2], the mm_forum extension shows cross site scripting vulnerabilities.
>
> Since we have adjusted parts of the code I will have to look at the
> changes and merge them into our version. I've downloaded the brand new
> t3x file for version 1.8.3 from the extension repository and compared it
> against the SVN snapshot of the previous 1.8.2. But: I found no changes...
>
> The forge SVN does not yet contain a 1.8.3 tag, the current trunk
> version shows no commits regarding critical security fixes and since the
> current t3x file is exactly the same as that of version 1.8.2, I'd
> really like to know what are the changes and what are the
> vulnerabilities...?
>
This is an item for the security-team and the forum-developers but NEVER
for the public mailinglist.
Best Regards
David
More information about the TYPO3-english
mailing list