[Pkg-zope-developers] Bug#377277: Zope2 contains information
disclosure vulnerability
Neil McGovern
neilm at debian.org
Fri Jul 7 19:53:00 UTC 2006
Package: zope2.8
Version: 2.8.7-1
Severity: critical
Tags: security
Hi there,
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
has been released today which contains details of a information
disclosure vulnerability in Zope2, due to Zope2's use of the docutils
module to parse and render "restructured text".
A hotfix is available at
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705
I've asked for a CVE id, and will follow up once it's been received.
Could you start to prepare a package?
Many thanks,
Neil McGovern
More information about the Pkg-zope-developers
mailing list