Your message dated Thu, 20 Dec 2007 19:54:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#449523: fixed in zope-cmfplone 2.5.1-4etch1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: zope-cmfplone
Version: 2.5.1-4
Severity: grave
Tags: patch security

Hi!

The Plone security team has issued an advisory concerning Plone:

On Tuesday 6 November 2007 10:38, Wichert Akkerman wrote:
> We've published the advisory:
> http://plone.org/about/security/advisories/cve-2007-5741

A hotfix is available. It seems at least stable, testing and unstable are 
affected, oldstable is unclear.

Could you please:
- Prepare updated packages for (old)stable containing this fix and send them 
to the security team for review?
- Fix the issue in sid and upload with high urgency?

In both cases please mention CVE-2007-5741 in the changelog.


thanks,

Thijs Kinkhorst

Attachment: pgpkLQjLOTw8a.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: zope-cmfplone
Source-Version: 2.5.1-4etch1

We believe that the bug you reported is fixed in the latest version of
zope-cmfplone, which is due to be installed in the Debian FTP archive:

plone-site_2.5.1-4etch1_all.deb
  to pool/main/z/zope-cmfplone/plone-site_2.5.1-4etch1_all.deb
zope-cmfplone_2.5.1-4etch1.diff.gz
  to pool/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch1.diff.gz
zope-cmfplone_2.5.1-4etch1.dsc
  to pool/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch1.dsc
zope-cmfplone_2.5.1-4etch1_all.deb
  to pool/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio Tranchitella <[EMAIL PROTECTED]> (supplier of updated zope-cmfplone 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 08 Nov 2007 13:50:47 +0100
Source: zope-cmfplone
Binary: plone-site zope-cmfplone
Architecture: source all
Version: 2.5.1-4etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian/Ubuntu Zope Team <[EMAIL PROTECTED]>
Changed-By: Fabio Tranchitella <[EMAIL PROTECTED]>
Description: 
 plone-site - preconfigured zope instance containing a plone site
 zope-cmfplone - content management system based on zope and cmf
Closes: 449523
Changes: 
 zope-cmfplone (2.5.1-4etch1) stable-security; urgency=high
 .
   * statusmessage.py, __init__.py: applied fix for CVE-2007-5741:
     unsafe data interpreted as pickles. (Closes: #449523)
Files: 
 dccc6173d55e9fedbe5a7b91d84a5721 1114 web optional 
zope-cmfplone_2.5.1-4etch1.dsc
 b48215d46aafa9e1f12196263d86a191 1064993 web optional 
zope-cmfplone_2.5.1.orig.tar.gz
 3a83d9323ac5285ac3d5cbde1d54e5f7 10922 web optional 
zope-cmfplone_2.5.1-4etch1.diff.gz
 49e266b7a7910079c92e039a910c4903 1190788 web optional 
zope-cmfplone_2.5.1-4etch1_all.deb
 318b81cff9a5bf4bf352743c46095693 9828 web optional 
plone-site_2.5.1-4etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRzNIP2z0hbPcukPfAQKXlQgAw5YxXy7K+SmgPkR+ErAxeS36OAMoecq6
Ku5EZeE7OsBNffYwX3ndYhQB2X84h1HAhN+iqA6Izm/LL/W4I0SuIK7K6KQPIiiq
5zpe4FD2zMecQW6JWWGjRhKZozpABb2eySxcQApmRsnQGK+4bpMgqRMjY2UBLOh7
DqnlvAVD4qw8OIWWkeyQrcVSWG0PkWz6nbqUGv2jNRDpvc8k/35H9ivhNCCF2r3Y
CTMP0o5EpMjitFiH2ZLpAwEq3Jz2q8IixFla8RuC7UjzFYeXZkjYvlcUOkqsjPqN
F+ztuYeUR0Vn4f6/pZPjmsIOkHgvPJbqOfpYkfzJ2TNx9adOzMkxTQ==
=IwfL
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to