Debian Security Advisory: new version of zope released (updated)Aug 21, 2000, 19:31 (0 Talkback[s])
(Other stories by Michael Stone)
Date: Mon, 21 Aug 2000 08:32:56 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Debian Security Advisory firstname.lastname@example.org http://www.debian.org/security/ Michael Stone August 21, 2000
On versions of Zope prior to 2.2.1 it was possible for a user
with the ability to edit DTML to gain unauthorized access to extra
roles during a request. A fix was previously announced in the
Debian zope package 2.1.6-5.1, but that package did not fully
address the issue and has been superseded by this announcement.
More information is available at
Debian 2.1 (slink) did not include zope, and is not vulnerable. Debian 2.2 (potato) does include zope and is vulnerable to this issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.2.
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.Debian GNU/Linux 2.1 alias slink
This version of Debian did not include zope and is not vulnerable.
Debian GNU/Linux 2.2 alias potato
Intel ia32 architecture:
Motorola 680x0 architecture:
Sun Sparc architecture:
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBOaEhTA0hVr09l8FJAQHnewQAnD5faWwqBRiDhUiIwOFRpBw5a3kdFifo yecN02T7daxX1hP8JJ9SFVwC+CvTax+rs+0pAhPDPljbiLy+ink0gGI8rGNffeZW qI+wvZRw3gdGynwYmP2c7ssiR3HyF6rh69DVZFeqytWnL3fS9IQi5HxdLTWP2tQi LcgLcGCht/Q= =6Ym9 -----END PGP SIGNATURE-----