Bug#401796: CVE-2006-4249: Plone vulnerability
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 5 22:43:50 UTC 2006
Package: zope-cmfplone
Severity: grave
Tags: security
Justification: user security hole
I don't know very much about Plone and I didn't investigate too deeply
as Sarge is not affected, but I suppose this needs to be fixed for Etch:
http://plone.org/about/security/advisories/cve-2006-4249/
| PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1)
| has a potential vulnerability that allows a user to
| masquerade as a group. Please update your sites.
Applying the hotfix is probably preferable to upgrading to 2.5.2.
Cheers,
Moritz
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
More information about the pkg-zope-developers
mailing list