Bug 262196 - www/typo3-10: Update to 10.4.25
Summary: www/typo3-10: Update to 10.4.25
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Florian Smeets
URL: https://get.typo3.org/release-notes/1...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2022-02-25 18:34 UTC by Helmut Ritter
Modified: 2022-02-27 20:27 UTC (History)
2 users (show)

See Also:
koobs: maintainer-feedback? (flo)
koobs: merge-quarterly?

Attachments
Update to 10.4.25 (908 bytes, text/plain)
2022-02-25 18:34 UTC, Helmut Ritter 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Helmut Ritter 2022-02-25 18:34:25 UTC 
Created attachment 232108 [details]
Update to 10.4.25

These versions are maintenance releases and contain bug fixes only.

For details about the releases, please see:

https://get.typo3.org/release-notes/11.5.7
https://get.typo3.org/release-notes/10.4.25
https://typo3.org/article/typo3-1157-and-10425-maintenance-releases-published
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2022-02-25 23:57:58 UTC 
Fixes a security vulnerability in a bundled library: 

  https://github.com/typo3/typo3/commit/9940defb21

From release notes:

Composer package roave/security-advisories reported conflicts when trying to upgrade TYPO3 packages - due to a security advisory for third-party package enshrined/svg-sanitize - more details are provided in TYPO3-PSA-2022-001 [1][2]

[1] https://typo3.org/article/typo3-psa-2022-001 [1]
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-23638

Pending VuXML entry
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-02-27 16:51:45 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9591e6069358d4bb00578369181671a34732aeae

commit 9591e6069358d4bb00578369181671a34732aeae
Author:     Helmut Ritter <freebsd-ports@charlieroot.de>
AuthorDate: 2022-02-27 16:48:23 +0000
Commit:     Florian Smeets <flo@FreeBSD.org>
CommitDate: 2022-02-27 16:48:23 +0000

    www/typo3-10: Update to 10.4.25

    PR:             262196
    Security:       0eab001a-9708-11ec-96c9-589cfc0f81b0

 www/typo3-10/Makefile | 2 +-
 www/typo3-10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-02-27 16:51:46 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6bc3ad4d7cdbfa9a92cacf04e12d6ade466e1900

commit 6bc3ad4d7cdbfa9a92cacf04e12d6ade466e1900
Author:     Florian Smeets <flo@FreeBSD.org>
AuthorDate: 2022-02-27 16:43:37 +0000
Commit:     Florian Smeets <flo@FreeBSD.org>
CommitDate: 2022-02-27 16:43:37 +0000

    security/vuxml: Document TYPO3 vulnerabilities

    PR:             262196, 262197

 security/vuxml/vuln-2022.xml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
Comment 4 Florian Smeets freebsd_committer freebsd_triage 2022-02-27 16:52:21 UTC 
Committed. Thanks.
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-02-27 20:27:27 UTC 
A commit in branch 2022Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4b3fe0f26cf22aec52dbd976cadb8dc10b3fd115

commit 4b3fe0f26cf22aec52dbd976cadb8dc10b3fd115
Author:     Helmut Ritter <freebsd-ports@charlieroot.de>
AuthorDate: 2022-02-27 16:48:23 +0000
Commit:     Florian Smeets <flo@FreeBSD.org>
CommitDate: 2022-02-27 20:15:13 +0000

    www/typo3-10: Update to 10.4.25

    PR:             262196
    Security:       0eab001a-9708-11ec-96c9-589cfc0f81b0
    (cherry picked from commit 9591e6069358d4bb00578369181671a34732aeae)

 www/typo3-10/Makefile | 2 +-
 www/typo3-10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)