From 53bf4e095fdacbb48d2bcf7460dcd705b1a5baa7 Mon Sep 17 00:00:00 2001
From: Oliver Hader
Date: Tue, 16 Mar 2021 12:33:08 +0100
Subject: [PATCH] [TASK] Add security advisories for TYPO3's March 2021 releases
---
 typo3/cms-core/2021-03-16-1.yaml | 13 +++++++++++++
 typo3/cms-core/2021-03-16-2.yaml | 13 +++++++++++++
 typo3/cms-core/2021-03-16-3.yaml | 13 +++++++++++++
 typo3/cms-core/2021-03-16-4.yaml | 10 ++++++++++
 typo3/cms-core/2021-03-16-5.yaml | 13 +++++++++++++
 typo3/cms-core/2021-03-16-6.yaml | 13 +++++++++++++
 typo3/cms-core/2021-03-16-7.yaml | 10 ++++++++++
 typo3/cms-core/2021-03-16-8.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-1.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-2.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-3.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-4.yaml | 10 ++++++++++
 typo3/cms/2021-03-16-5.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-6.yaml | 13 +++++++++++++
 typo3/cms/2021-03-16-7.yaml | 10 ++++++++++
 typo3/cms/2021-03-16-8.yaml | 13 +++++++++++++
 16 files changed, 196 insertions(+)
 create mode 100644 typo3/cms-core/2021-03-16-1.yaml
 create mode 100644 typo3/cms-core/2021-03-16-2.yaml
 create mode 100644 typo3/cms-core/2021-03-16-3.yaml
 create mode 100644 typo3/cms-core/2021-03-16-4.yaml
 create mode 100644 typo3/cms-core/2021-03-16-5.yaml
 create mode 100644 typo3/cms-core/2021-03-16-6.yaml
 create mode 100644 typo3/cms-core/2021-03-16-7.yaml
 create mode 100644 typo3/cms-core/2021-03-16-8.yaml
 create mode 100644 typo3/cms/2021-03-16-1.yaml
 create mode 100644 typo3/cms/2021-03-16-2.yaml
 create mode 100644 typo3/cms/2021-03-16-3.yaml
 create mode 100644 typo3/cms/2021-03-16-4.yaml
 create mode 100644 typo3/cms/2021-03-16-5.yaml
 create mode 100644 typo3/cms/2021-03-16-6.yaml
 create mode 100644 typo3/cms/2021-03-16-7.yaml
 create mode 100644 typo3/cms/2021-03-16-8.yaml
diff --git a/typo3/cms-core/2021-03-16-1.yaml b/typo3/cms-core/2021-03-16-1.yaml
new file mode 100644
index 000000000..dbb374894
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-1.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-001/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:01'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:01:50'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:07'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-2.yaml b/typo3/cms-core/2021-03-16-2.yaml
new file mode 100644
index 000000000..7914d354a
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-2.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-002/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:23'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:09'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:27'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-3.yaml b/typo3/cms-core/2021-03-16-3.yaml
new file mode 100644
index 000000000..dc2af2ae2
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-3.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-003/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:40'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:31'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:43'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-4.yaml b/typo3/cms-core/2021-03-16-4.yaml
new file mode 100644
index 000000000..205b36e81
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-4.yaml
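Review bot: The new entry typo3/cms-core/2021-03-16-1.yaml has no `cve:` key, and the same holds for the other fifteen files in this patch (typo3/cms-core/2021-03-16-2 to -8 and all of typo3/cms/2021-03-16-*). Consumers that correlate findings by CVE id cannot match these records against other vulnerability feeds and have only the vendor id inside `title` to go on. If CVE ids were assigned to these advisories, add one after `link:` in each file, e.g. `cve: CVE-YYYY-NNNNN` (placeholder; take the real id from the linked advisory). If none exists yet, writing `cve: ~` makes the absence explicit rather than looking like an omission.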
@@ -0,0 +1,10 @@
+title: 'TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-004/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:55'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:46'
+ versions: ['>=11.0.0', '<11.1.1']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-5.yaml b/typo3/cms-core/2021-03-16-5.yaml
new file mode 100644
index 000000000..278ab0749
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-5.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-005/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:00:29'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:06'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:04'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-6.yaml b/typo3/cms-core/2021-03-16-6.yaml
new file mode 100644
index 000000000..501869b47
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-6.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-006/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:00:50'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:23'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:23'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-7.yaml b/typo3/cms-core/2021-03-16-7.yaml
new file mode 100644
index 000000000..65f1ed094
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-7.yaml
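Review bot: `branches:` in typo3/cms-core/2021-03-16-4.yaml lists only `10.x` and `11.x`, while the neighbouring entries also carry `9.x` with `['>=9.0.0', '<9.5.25']`. The same shape appears in typo3/cms-core/2021-03-16-7.yaml and in the typo3/cms copies of both files. In an advisory database a missing branch is a silent false negative, because installations on that release line are reported clean. Nothing in the patch records whether 9.x is unaffected by these two issues, so confirm it against the linked advisories. If 9.x is affected, add a `9.x:` block with `time` and `versions` in the same form as the sibling files.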
@@ -0,0 +1,10 @@
+title: 'TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-007/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:01:14'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:36'
+ versions: ['>=11.0.0', '<11.1.1']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms-core/2021-03-16-8.yaml b/typo3/cms-core/2021-03-16-8.yaml
new file mode 100644
index 000000000..dee4bb0b6
--- /dev/null
+++ b/typo3/cms-core/2021-03-16-8.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-008/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:01:32'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:54'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:42'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms-core'
diff --git a/typo3/cms/2021-03-16-1.yaml b/typo3/cms/2021-03-16-1.yaml
new file mode 100644
index 000000000..c0aed92a5
--- /dev/null
+++ b/typo3/cms/2021-03-16-1.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-001/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:01'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:01:50'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:07'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-2.yaml b/typo3/cms/2021-03-16-2.yaml
new file mode 100644
index 000000000..0bf892d5a
--- /dev/null
+++ b/typo3/cms/2021-03-16-2.yaml
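Review bot: The `title` values in typo3/cms-core/2021-03-16-7.yaml and 2021-03-16-8.yaml differ only in the advisory number; both read "Cross-Site Scripting in Content Preview", and the typo3/cms copies repeat this. A scanner report that prints the title gives no hint which component each finding concerns, so the two are easy to mistake for a duplicate. If the linked advisories name the affected content type or component, carry that qualifier into each title, e.g. `title: 'TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview (<component>)'`.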
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-002/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:23'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:09'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:27'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-3.yaml b/typo3/cms/2021-03-16-3.yaml
new file mode 100644
index 000000000..182976163
--- /dev/null
+++ b/typo3/cms/2021-03-16-3.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-003/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:40'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:31'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:57:43'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-4.yaml b/typo3/cms/2021-03-16-4.yaml
new file mode 100644
index 000000000..64efcfedc
--- /dev/null
+++ b/typo3/cms/2021-03-16-4.yaml
@@ -0,0 +1,10 @@
+title: 'TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-004/'
+branches:
+ 10.x:
+ time: '2021-03-16 08:59:55'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:02:46'
+ versions: ['>=11.0.0', '<11.1.1']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-5.yaml b/typo3/cms/2021-03-16-5.yaml
new file mode 100644
index 000000000..32090bf94
--- /dev/null
+++ b/typo3/cms/2021-03-16-5.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-005/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:00:29'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:06'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:04'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-6.yaml b/typo3/cms/2021-03-16-6.yaml
new file mode 100644
index 000000000..73b5464e2
--- /dev/null
+++ b/typo3/cms/2021-03-16-6.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-006/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:00:50'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:23'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:23'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-7.yaml b/typo3/cms/2021-03-16-7.yaml
new file mode 100644
index 000000000..5f8fbe071
--- /dev/null
+++ b/typo3/cms/2021-03-16-7.yaml
@@ -0,0 +1,10 @@
+title: 'TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-007/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:01:14'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:36'
+ versions: ['>=11.0.0', '<11.1.1']
+reference: 'composer://typo3/cms'
diff --git a/typo3/cms/2021-03-16-8.yaml b/typo3/cms/2021-03-16-8.yaml
new file mode 100644
index 000000000..ab8654c64
--- /dev/null
+++ b/typo3/cms/2021-03-16-8.yaml
@@ -0,0 +1,13 @@
+title: 'TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview'
+link: 'https://typo3.org/security/advisory/typo3-core-sa-2021-008/'
+branches:
+ 10.x:
+ time: '2021-03-16 09:01:32'
+ versions: ['>=10.0.0', '<10.4.14']
+ 11.x:
+ time: '2021-03-16 09:03:54'
+ versions: ['>=11.0.0', '<11.1.1']
+ 9.x:
+ time: '2021-03-16 08:58:42'
+ versions: ['>=9.0.0', '<9.5.25']
+reference: 'composer://typo3/cms'