[SECURITY] Remove charts.swf to get rid of XSS vulnerability 00/30300/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Thu, 22 May 2014 07:33:31 +0000 (09:33 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:33:36 +0000 (09:33 +0200)
The file charts.swf is vulnerable to XSS, is delivered
by ExtJS but not used in TYPO3 CMS at all.

Since the vendor of ExtJS did not fix this vulnerability,
we decided to remove it from TYPO3 sources.

Change-Id: Ib30cac84983f5a30956d0a09af933b0fbca1d6ff
Fixes: #54526
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 2402b6cfa3ab2a054ef3e28f3d8de8f7dfee17ec
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30300
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/contrib/extjs/resources/charts.swf [deleted file]

diff --git a/typo3/contrib/extjs/resources/charts.swf b/typo3/contrib/extjs/resources/charts.swf
deleted file mode 100644 (file)
index 472ca22..0000000
Binary files a/typo3/contrib/extjs/resources/charts.swf and /dev/null differ