This bug was fixed in the package zope3 - 3.4.0-0ubuntu3.3
---------------
zope3 (3.4.0-0ubuntu3.3) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
- debian/patches/security-CVE-2009-066x.dpatch: introduce
ServerMarshaller() and server_find_global() in
Dependencies/ZEO-Zope-3.4.0/ZEO/zrpc/{marshal.py,connection.py}.
- CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
- debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
private in Dependencies/ZEO-Zope-3.4.0/ZEO/{auth/auth_digest.py,
StorageServer.py, tests/auth_plaintext.py}.
- CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
- debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
in Dependencies/ZEO-Zope-3.4.0/ZEO/StorageServer.py.
- No CVE
* debian/patches/deb-zopeconf.dpatch: fix typo so ZOPE_USER is properly
defined. (LP: #356137)
-- Marc Deslauriers <[email protected]> Tue, 13 Oct 2009
13:39:22 -0400
** Changed in: zope3 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0668
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0669
--
zope3 fails on start-up in jaunty
https://bugs.launchpad.net/bugs/356137
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
