Dear TYPO3 users,
Several vulnerabilities have been found in the following third party TYPO3
extensions:
"BB Simple Jobs" (bb_simplejobs)
"Developer log" (devlog)
"Photo Book" (goof_fotoboek)
"Unit Converter" (cs2_unitconv)
"tt_news Mail alert" (dl3_tt_news_alerts)
"Googlemaps for tt_news" (jf_easymaps)
"Reports for Job" (job_reports)
"kiddog_mysqldumper" (kiddog_mysqldumper)
"KJ: Imagelightbox" (kj_imagelightbox2)
"Majordomo" (majordomo)
"Helpdesk" (mg_help)
"Tip many friends" (mimi_tipfriends)
"MK-AnydropdownMenu" (mk_anydropdownmenu)
"MJS Event Pro" (mjseventpro)
"powermail" (powermail)
"Clan Users List" (pb_clanlist)
"Customer Reference List" (ref_list)
"SB Folderdownload" (sb_folderdownload)
"TT_Products editor" (ttpedit)
"TV21 Talkshow" (tv21_talkshow)
"VD / Geomap" (vd_geomap)
"User Links" (vm19_userlinks)
"Vote rank for news" (vote_for_tt_news)
"zak_store_management" (zak_store_management)
For further information on all CSB (Collective Security Bulletin) issues,
please read the related advisory TYPO3-SA-2009-021 that was published today:
<http: typo3.org teams security security-bulletins typo3-sa-2009-021></http:>
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Cookbook:
<http: typo3.org fileadmin security-team typo3_security_cookbook_v-0.5.pdf>
Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.typo3.org cgi-bin mailman listinfo typo3-announce>
See all TYPO3 security advisories:
<http: typo3.org teams security security-bulletins></http:>
Regards,
Marcus Krause
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: <a href="http://typo3.org/teams/security/" target="_blank" rel="noreferrer">http://typo3.org/teams/security/</a>
E-Mail: security@typo3.org
Please note: when replying to this e-mail, please leave the header intact.</http:></http:>
