Debian: New typo3 packages fix several vulnerabilities
LinuxSecurity.com: Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the webserver user.