[SECURITY] XSS in swfupload
authorOliver Hader <oliver@typo3.org>
Wed, 4 Jul 2012 08:30:40 +0000 (10:30 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 4 Jul 2012 09:12:15 +0000 (11:12 +0200)
There is a known XSS vulnerability in swfupload which isn't
fixed yet. Thanks to the Wordpress project for providing a
fix - we just borrowed that code.

Change-Id: I67a669d1a9898ae52d1430ccb5e455041ea1c733
Fixes: #38578
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-003
Reviewed-on: http://review.typo3.org/12591
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/contrib/swfupload/swfupload.swf [changed mode: 0755->0644]

old mode 100755 (executable)
new mode 100644 (file)
index e3f7670..b5e8822
Binary files a/typo3/contrib/swfupload/swfupload.swf and b/typo3/contrib/swfupload/swfupload.swf differ