Dear users of TYPO3,
Security vulnerabilities have been discovered in the following third
party TYPO3 extensions:
"Frontend User Registration" (sr_feuser_register),
"A21glossary Advanced Output" (a21glossary_advanced_output),
"ClickStream Analyzer (output)" (alternet_csa_out),
"Directory Listing" (dir_listing),
"Store Locator" (locator),
"Userdata Create/Edit" (sg_userdata),
"Versatile Calendar Extension (VCE)" (sk_calendar),
"ultraCards" (th_ultracards),
"Visitor Tracking" (ws_stats)
For further information on the extension "Frontend User Registration"
(sr_feuser_register), please read the related advisory TYPO3-SA-2009-004:
<http: typo3.org teams security security-bulletins typo3-sa-2009-004></http:>
Regarding all other extensions listed above, please read the advisory
TYPO3-SA-2009-005 (which is a Collective Security Bulletin):
<http: typo3.org teams security security-bulletins typo3-sa-2009-005></http:>
In general, the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Cookbook:
<http: typo3.org fileadmin security-team typo3_security_cookbook_v-0.5.pdf>
Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.netfielders.de cgi-bin mailman listinfo typo3-announce>
See all TYPO3 security advisories:
<http: typo3.org teams security security-bulletins></http:>
Regards,
Henning Pingel
henning@typo3.org</http:></http:>
