-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/27/2013 11:55 AM, David Glick (Plone) wrote:
> On 1/27/13 6:00 PM, Tres Seaver wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/27/2013 08:49 AM, Julien Cristau wrote:
>>> On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/27/2013 08:49 AM, Julien Cristau wrote:
> On Mon, Nov 26, 2012 at 18:53:58 +0900, Arnaud Fontaine wrote:
>
>> Tres Seaver writes:
>>
* CVE-2012-5505 (zope.traversing: atat.py)
http://plone.org/products/plone/security/advisories/2012
Hello,
Tres Seaver writes:
>> version 2.12.21: * LP #1079238 fixes CVE 2012-5489.
>>
>> According to the upstream changelog, LP #1047318 seems to fix a
>> security bug, but I could not find it in zope2 launchpad nor anywhere
>> else.
>
> That bug was still in "Private Security" state: I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/24/2012 09:07 PM, Arnaud Fontaine wrote:
> Luciano Bello writes:
>
>> Hi, please see : http://seclists.org/oss-sec/2012/q4/249
>>
>> Can you confirm if any of the Debian packages are affected?
>
> As far as I could find (not clear in the ups
Hello,
Luciano Bello writes:
> Hi, please see : http://seclists.org/oss-sec/2012/q4/249
>
> Can you confirm if any of the Debian packages are affected?
As far as I could find (not clear in the upstream changelog):
version 2.12.26:
* LP #1071067 fixes CVE 2012-5507, CVE 2012-5508.
* LP #930