Bug#449523: Plone interprets network data as Python pickles [CVE-2007-5741]
Thijs Kinkhorst
thijs at debian.org
Tue Nov 6 09:53:30 UTC 2007
Package: zope-cmfplone
Version: 2.5.1-4
Severity: grave
Tags: patch security
Hi!
The Plone security team has issued an advisory concerning Plone:
On Tuesday 6 November 2007 10:38, Wichert Akkerman wrote:
> We've published the advisory:
> http://plone.org/about/security/advisories/cve-2007-5741
A hotfix is available. It seems at least stable, testing and unstable are
affected, oldstable is unclear.
Could you please:
- Prepare updated packages for (old)stable containing this fix and send them
to the security team for review?
- Fix the issue in sid and upload with high urgency?
In both cases please mention CVE-2007-5741 in the changelog.
thanks,
Thijs Kinkhorst
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20071106/e4f0c5c4/attachment.pgp
More information about the pkg-zope-developers
mailing list