----- Forwarded message from [EMAIL PROTECTED] ----- > From: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > Date: Fri, 11 Aug 2000 17:33:43 -0700 > To: [EMAIL PROTECTED] > Subject: [SECURITY] new version of zope released > > -----BEGIN PGP SIGNED MESSAGE----- > > - ------------------------------------------------------------------------ > Debian Security Advisory [EMAIL PROTECTED] > http://www.debian.org/security/ Michael Stone > August 11, 2000 > - ------------------------------------------------------------------------ > > Package: zope > Vulnerability type: remote unprivileged access > Debian-specific: no > > On versions of Zope prior to 2.2beta1 it was possible for a user with the > ability to edit DTML can gain unauthorized access to extra roles during a > request. > > Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used > Debian 2.2 (potato) pre-release does include zope and is vulnerable to this > issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1. > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > > Debian GNU/Linux 2.1 alias slink > - -------------------------------- > > This version of Debian did not include zope and is not vulnerable. > > > > Debian GNU/Linux 2.2 alias potato > - --------------------------------- > > Source archives: > >http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.diff.gz > MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a > http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.dsc > MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f > >http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6.orig.tar.gz > MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5 > Alpha architecture: > >http://security.debian.org/dists/frozen/updates/main/binary-alpha/zope_2.1.6-5.1_alpha.deb > MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae > Arm architecture: > >http://security.debian.org/dists/frozen/updates/main/binary-arm/zope_2.1.6-5.1_arm.deb > MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7 > Intel ia32 architecture: > >http://security.debian.org/dists/frozen/updates/main/binary-i386/zope_2.1.6-5.1_i386.deb > MD5 checksum: 4716213c3986dd0e871a33acc8576c66 > Motorola 680x0 architecture: > Will be available shortly > PowerPC architecture: > >http://security.debian.org/dists/frozen/updates/main/binary-powerpc/zope_2.1.6-5.1_powerpc.deb > MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b > Sun Sparc architecture: > >http://security.debian.org/dists/frozen/updates/main/binary-sparc/zope_2.1.6-5.1_sparc.deb > MD5 checksum: ed818435e7b672521d364a3c044a4043 > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3ia > Charset: noconv > > iQCVAwUBOZSaiw0hVr09l8FJAQG2nwP9HYCgsfMOrTBrRQeUzjbsXXuneUpOrzAZ > 8kOLGczsIFWo7n3CDtCMjmgrXVfuF6zSq4XS9afJahLrdwfJWdXjhMXb7SHQ71ZU > J/2OHoZdGVR2HizEKY8M3wpWw+BnJMUaLomv2LkgqaO5K2zJ2zNgLKIlHCrYHjIP > cRtS6qszYqw= > =ZzS9 > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > ----- End forwarded message ----- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
