Henning Pingel discovered that TYPO3, a web content management framework,
performs insufficient input sanitising, making it vulnerable to SQL
injection by logged-in backend users.
The old stable distribution (sarge) doesn’t contain typo3-src.
For the stable distribution (etch), this problem has been fixed in
version 4.0.2+debian-4.
For the unstable distribution (sid) and for the testing distribution
(lenny), this problem has been fixed in version 4.1.5-1.
We recommend that you upgrade your typo3-src packages.