[Pkg-zope-developers] Bug#334054: fwd: [debdev: zope2.7 security
fix (for bug 334055)]
A Mennucc
debdev at tonelli.sns.it
Wed Nov 9 13:49:00 UTC 2005
I think it is better it this email is also part of this bug report
(this email was sent on Oct 21)
----- Forwarded message from debdev -----
To: debian-devel at lists.debian.org
Cc: pkg-zope-developers at lists.alioth.debian.org
Subject: zope2.7 security fix (for bug 334055)
Reply-To: mennucc1 at debian.org
Mail-Followup-To: mennucc1 at debian.org
hi everybody
I have (hopefully) fixed the bug 334055 of zope2.7, that is a security alert.
Note that my patch is much smaller than the original hotfix,
which included also some new features such as nl and ca languages -
- but usually we do not add new features in Debian when releasing security
upgrades.
--------- testing
This is the updated binary for testing/etch
http://tonelli.sns.it/pub/mennucc1/zope/debian/etch-security/zope2.7_2.7.5-3sec1.deb
I will not upload it to secure-testing-master since it violates point 1 at
http://secure-testing-master.debian.net/
"Only upload changes that have already been made in unstable."
People in the pkg-zope-team are introducing in unstable a completely
different zope framework.
--------- sarge
This is the proposed update for stable/sarge :
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope2.7_2.7.5-2sec1_source.changes
unfortunately I do not have available a clean sarge environment, so
you have to compile it.
This is the diff w.r.t the older version
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope-hotfix_2005-10-09-sarge.diff
Warning: do not apply that patch to the installed files of zope2.7,
it will not work. Compile the above source, or help me use a sarge buildd.
a.
ps: I wrote to the security team asking info on the sarge upload, never
got an answer. Question: can I upload a source-only to sarge-security?
ps2: I would also appreciate if someone who understands what 334055 is about
would compile and test my fix to see if it really works.
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20051109/cba44e97/attachment.pgp
More information about the Pkg-zope-developers
mailing list