www/zope doesn't include Hotfix-20060821 long time. See detail at: http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt And also, security/vuxml pointed this vulnerablity for too wide Zope version. So www/zope3 couldn't install which doesn't contain this vulnerable.
State Changed From-To: open->feedback Awaiting maintainers feedback
Zope Hotfixes are Products that installed in the Product directory. No changes are made to the distributed source or installed files. So there is no need to install the hotfix with the zope install. Instances may choose not to include the global Products dir, so the Hotfix installed there will not be used. I have no Problems with the HotFix installed with zope but I see no need for it. Since the work is already done i have no objection to include it in the port.
Dear Gerhard, I thank for your having agreed to my PR :-) I cannot agree about your understanding for Zope, but it is not a topic to talk about here. -- ----+----1----+----2----+----3----+----4----+----5----+----6----+----7-- HAYASHI Yasushi <yasi@yasi.to> http://www.yasi.to/blog
State Changed From-To: feedback->open Maintainer approved.
Responsible Changed From-To: freebsd-ports-bugs->gabor Take.
gabor 2006-12-27 13:48:05 UTC FreeBSD ports repository Modified files: www/zope Makefile distinfo pkg-plist Log: - Fix security issue - Bump PORTREVISION PR: ports/106505 Submitted by: HAYASHI Yasushi <yasi@yasi.to> Approved by: erwin (mentor), Gerhard Schmidt <estartu@augusta.de> (maintainer) Security: http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt Revision Changes Path 1.74 +11 -3 ports/www/zope/Makefile 1.39 +3 -0 ports/www/zope/distinfo 1.44 +5 -0 ports/www/zope/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Both committed, thanks! I applied a slight change in your vuln.xml patch.
gabor 2006-12-27 16:31:50 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: - Update the www/zope entry to indicate it is fixed now PR: ports/106505 Submitted by: HAYASHI Yasushi <yasi@yasi.to> Reviewed by: simon Approved by: erwin (mentor) Revision Changes Path 1.1260 +4 -3 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"