Debian Security Advisory: new version of zope released (updated) | Linux Today

Debian Security Advisory: new version of zope released (updated)

Written By
Web Webster
Web Webster
Aug 21, 2000

Date: Mon, 21 Aug 2000 08:32:56 -0400 (EDT)
From: Michael Stone mstone@justice.loyola.edu

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] new version of zope released (updated)

—–BEGIN PGP SIGNED MESSAGE—–


Debian Security Advisory                                security@debian.org
http://www.debian.org/security/                   Michael Stone 
August 21, 2000

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2.1 it was possible for a user
with the ability to edit DTML to gain unauthorized access to extra
roles during a request. A fix was previously announced in the
Debian zope package 2.1.6-5.1, but that package did not fully
address the issue and has been superseded by this announcement.
More information is available at

http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

Debian 2.1 (slink) did not include zope, and is not vulnerable.
Debian 2.2 (potato) does include zope and is vulnerable to this
issue. A fixed package for Debian 2.2 (potato) is available in zope
2.1.6-5.2.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink


This version of Debian did not include zope and is not
vulnerable.

Debian GNU/Linux 2.2 alias potato


Source archives:

http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.diff.gz

MD5 checksum: 2b2a0c23b842b5799520c57de2678292

http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.dsc

MD5 checksum: 04b8ff47d816bdeb5291e372e5e10006

http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6.orig.tar.gz

MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5

Alpha architecture:

http://security.debian.org/dists/potato/updates/main/binary-alpha/zope_2.1.6-5.2_alpha.deb

MD5 checksum: 0f7062e8a0b7449887cba647de996fda

Arm architecture:

http://security.debian.org/dists/potato/updates/main/binary-arm/zope_2.1.6-5.2_arm.deb

MD5 checksum: 64ce5c2f0edb255ccc89b8006cc2f0d2

Intel ia32 architecture:

http://security.debian.org/dists/potato/updates/main/binary-i386/zope_2.1.6-5.2_i386.deb

MD5 checksum: b105defbc9f1d66bb2cb89ef05b94d40

Motorola 680×0 architecture:
Will be available shortly

PowerPC architecture:
Will be available shortly

Sun Sparc architecture:

http://security.debian.org/dists/potato/updates/main/binary-sparc/zope_2.1.6-5.2_sparc.deb

MD5 checksum: d1cefd0a6d40e3b1f00889b7b2d489a9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org 

iQCVAwUBOaEhTA0hVr09l8FJAQHnewQAnD5faWwqBRiDhUiIwOFRpBw5a3kdFifo
yecN02T7daxX1hP8JJ9SFVwC+CvTax+rs+0pAhPDPljbiLy+ink0gGI8rGNffeZW
qI+wvZRw3gdGynwYmP2c7ssiR3HyF6rh69DVZFeqytWnL3fS9IQi5HxdLTWP2tQi
LcgLcGCht/Q=
=6Ym9
-----END PGP SIGNATURE-----
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.