diff options
author | Martin Schulze <joey> | 2005-11-24 07:09:32 +0000 |
---|---|---|
committer | Martin Schulze <joey> | 2005-11-24 07:09:32 +0000 |
commit | 417737e06102fbce0243c30e65265bdc596dceee (patch) | |
tree | a00949ffc491872d6232823519b40d0cc85b61cf /english | |
parent | 53c60edb536d1ad87cb737206bcde59a2d660404 (diff) |
[DSA 910-1] New zope2.7 packages fix arbitrary file inclusion
CVS version numbers
english/security/2005/dsa-910.data: INITIAL -> 1.1
english/security/2005/dsa-910.wml: INITIAL -> 1.1
Diffstat (limited to 'english')
-rw-r--r-- | english/security/2005/dsa-910.data | 70 | ||||
-rw-r--r-- | english/security/2005/dsa-910.wml | 20 |
2 files changed, 90 insertions, 0 deletions
diff --git a/english/security/2005/dsa-910.data b/english/security/2005/dsa-910.data new file mode 100644 index 00000000000..0629096963c --- /dev/null +++ b/english/security/2005/dsa-910.data @@ -0,0 +1,70 @@ +<define-tag pagetitle>DSA-910-1 zope.2.7</define-tag> +<define-tag report_date>2005-11-24</define-tag> +<define-tag secrefs>CVE-2005-3323 Bug#334055</define-tag> +<define-tag packages>zope2.7</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> + +#use wml::debian::security + +<h3>Debian GNU/Linux 3.1 (sarge)</h3> + +<dl> + +<dt><source /> + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1.dsc /> + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1.diff.gz /> + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz /> + +<dt>Alpha: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_alpha.deb /> + +<dt>AMD64: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_amd64.deb /> + +<dt>ARM: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_arm.deb /> + +<dt>Intel IA-32: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_i386.deb /> + +<dt>Intel IA-64: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_ia64.deb /> + +<dt>HPPA: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_hppa.deb /> + +<dt>Motorola 680x0: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_m68k.deb /> + +<dt>Big endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_mips.deb /> + +<dt>Little endian MIPS: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_mipsel.deb /> + +<dt>PowerPC: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_powerpc.deb /> + +<dt>IBM S/390: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_s390.deb /> + +<dt>Sun Sparc: + + <dd><fileurl http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_sparc.deb /> + +</dl> + +<p><md5sums http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00311.html /></p> diff --git a/english/security/2005/dsa-910.wml b/english/security/2005/dsa-910.wml new file mode 100644 index 00000000000..7b9f47ef7cb --- /dev/null +++ b/english/security/2005/dsa-910.wml @@ -0,0 +1,20 @@ +<define-tag description>design error</define-tag> +<define-tag moreinfo> +<p>A vulnerability has been discovered in zope 2.7, as Open Source web +application server, that allows remote attackers to insert arbitrary +files via include directives in reStructuredText functionality.</p> + +<p>The old stable distribution (woody) does not contain zope2.7 packages.</p> + +<p>For the stable distribution (sarge) this problem has been fixed in +version 2.7.5-2sarge1.</p> + +<p>For the unstable distribution (sid) this problem has been fixed in +version 2.7.8-1.</p> + +<p>We recommend that you upgrade your zope2.7 package.</p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2005/dsa-910.data" +# $Id$ |