Hi,

Moritz Muehlenhoff <[email protected]> writes:

> On Sun, Nov 25, 2012 at 11:07:38AM +0900, Arnaud Fontaine wrote:
>> The following CVEs are not affecting Zope2 package (Plone/Zope3/..)
>> (within brackets is the Product/module/... affected along with the
>> corresponding filename in Plone Hotfix):
>
> For clarification, so that I can update the Debian Security Tracker,
> none of these CVE IDs are packaged in Debian, right?
>
> (I can't find a Plone package, but these could be packaged through one
> of the many zope.* packages?)
>
>> * CVE-2012-5485 (Plone: registerConfiglet.py)
>>   http://plone.org/products/plone/security/advisories/20121106/01
>>
>> * CVE-2012-5488/CVE-2012-5494/CVE-2012-5495/CVE-2012-5499/CVE-2012-5506
>>   (Plone-specific: python_scripts.py)
>>   http://plone.org/products/plone/security/advisories/20121106/04
>>   http://plone.org/products/plone/security/advisories/20121106/10
>>   http://plone.org/products/plone/security/advisories/20121106/11
>>   http://plone.org/products/plone/security/advisories/20121106/15
>>   http://plone.org/products/plone/security/advisories/20121106/22
>>
>> * CVE-2012-5490 (kss: kssdevel.py)
>>   http://plone.org/products/plone/security/advisories/20121106/06
>>
>> * CVE-2012-5491/CVE-2012-5504 (z3c.form (Zope3): widget_traversal.py)
>>   http://plone.org/products/plone/security/advisories/20121106/12
>>   http://plone.org/products/plone/security/advisories/20121106/20
>>
>> * CVE-2012-5492 (Plone: uid_catalog.py)
>>   http://plone.org/products/plone/security/advisories/20121106/08
>>
>> * CVE-2012-5493 (CMFCore: gtbn.py)
>>   http://plone.org/products/plone/security/advisories/20121106/09
>>
>> * CVE-2012-5496 (Plone: kupu_spellcheck.py)
>>   http://plone.org/products/plone/security/advisories/20121106/09
>>
>> * CVE-2012-5497 (Plone: membership_tool.py)
>>   http://plone.org/products/plone/security/advisories/20121106/13
>>
>> * CVE-2012-5498 (Plone: queryCatalog.py)
>>   http://plone.org/products/plone/security/advisories/20121106/14
>>
>> * CVE-2012-5500 (Plone: renameObjectsByPaths.py)
>>   http://plone.org/products/plone/security/advisories/20121106/15
>>
>> * CVE-2012-5501 (Plone: at_download.py)
>>   http://plone.org/products/plone/security/advisories/20121106/17
>>
>> * CVE-2012-5502 (PortalTransforms: safe_html.py)
>>   http://plone.org/products/plone/security/advisories/20121106/18
>>
>> * CVE-2012-5503 (Plone-specific: ObjectManager: ftp.py)
>>   http://plone.org/products/plone/security/advisories/20121106/19

None of the above CVE IDs are packaged in Debian as Plone is not
packaged in Debian and the other Products/modules are not packaged in
Debian either.

Cheers,
-- 
Arnaud Fontaine

