Bug 99952 - [maintainer update] www/zope29 update: security Hot Fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Ion-Mihai "IOnut" Tetcu
Reported: 2006-07-09 06:00 UTC by HAYASHI Yasushi
Modified: 2006-08-06 14:45 UTC (History)
Attachments
zope29.diff (2.45 KB, patch)
2006-07-09 06:00 UTC, HAYASHI Yasushi

Description HAYASHI Yasushi 2006-07-09 06:00:29 UTC
Zope.org released a security Hot Fix for Zope 2.x.  See details at:
   Serious security problem with Zope 2.
   http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-2006-07-05/
Comment 1 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-07-09 13:26:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->itetcu

I'll take it.
Comment 2 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-07-09 13:36:48 UTC
State Changed
From-To: open->feedback

Committed, thanks! Could you also submit a VuXML entry for this problem
(if there isn't one already)?
Comment 3 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-07-09 13:37:09 UTC
State Changed
From-To: feedback->patched

Patch committed, waiting for VuXML entry.
Comment 4 HAYASHI Yasushi 2006-07-09 15:06:24 UTC
Thanks for committing :-)

How about this, my first patch for /usr/ports/security/vuxml/vuln.xml?


diff -urN /usr/ports/security/vuxml.old/vuln.xml
/usr/ports/security/vuxml/vuln.xml
--- /usr/ports/security/vuxml.old/vuln.xml	Thu Jul  6 19:50:20 2006
+++ /usr/ports/security/vuxml/vuln.xml	Sun Jul  9 23:00:24 2006
@@ -6332,6 +6332,42 @@
     </dates>
   </vuln>

+  <vuln vid="ea8c8fd2-0f4a-11db-a61a-0090991a6436">
+    <topic>zope -- Zope Docutils Information Disclosure
Vulnerability</topic>
+    <affects>
+      <package>
+	<name>zope</name>
+	<range><ge>2.7.0</ge><le>2.7.8</le></range>
+	<range><ge>2.8.0</ge><le>2.8.7</le></range>
+	<range><ge>2.9.0</ge><le>2.9.3</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>A Zope Hotfix Alert reports:</p>
+	<blockquote
cite="http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt">
+	  <p>This hotfix corrects an information disclosure vulnerability
+            in Zope2, due to Zope2's use of the docutils module to parse
+            and render "restructured text".</p>
+          <p>Sites which allow untrusted users to create restructured
+            text as through-the-web content should apply this hotfix.</p>
+          <p>The hotfix may be removed after upgrading to a version of
+            Zope2 more recent than this hotfix.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <freebsdpr>ports/99952</freebsdpr>
+      <bid>18856</bid>
+
<url>http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-2006-07-05/view</url>
+
<url>http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html</url>
+    </references>
+    <dates>
+      <discovery>2006-07-05</discovery>
+      <entry>2005-07-08</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="d2b80c7c-3aae-11da-9484-00123ffe8333">
     <topic>zope -- expose RestructuredText functionality to untrusted
users</topic>
     <affects>
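Review bot: the <entry> date in the new <dates> block reads 2005-07-08, which is a year earlier than the <discovery> date of 2006-07-05 and earlier than the patch's own timestamp of 9 July 2006; this looks like a typo for 2006 and should be the date the entry is actually added. Separately, several added lines were wrapped in transit (the end of the <topic> text, the cite attribute of <blockquote>, and both <url> elements sit on lines with no leading "+"), so the hunk will not apply as posted; sending it as an attachment would avoid that. The cite URL also spells the directory as Hotfix-20060705 while the other zope.org URLs in this report use Hotfix-2006-07-05, so it is worth confirming which form is correct.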
Comment 5 Ion-Mihai "IOnut" Tetcu freebsd_committer freebsd_triage 2006-08-06 14:45:14 UTC
State Changed
From-To: patched->closed

Both the update and the VuXML entry have been committed.