Bug#401796: CVE-2006-4249: Plone vulnerability
Encolpe Degoute
encolpe.degoute at free.fr
Wed Dec 6 21:44:56 UTC 2006
Moritz Muehlenhoff a écrit :
> Package: zope-cmfplone
> Severity: grave
> Tags: security
> Justification: user security hole
>
> I don't know very much about Plone and I didn't investigate too deeply
> as Sarge is not affected, but I suppose this needs to be fixed for Etch:
>
> http://plone.org/about/security/advisories/cve-2006-4249/
>
> | PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1)
> | has a potential vulnerability that allows a user to
> | masquerade as a group. Please update your sites.
>
> Applying the hotfix is probably preferable to upgrading to 2.5.2.
+1
There's no Plone 2.5.2 release before january, apply the patch is the
solution for etch.
Regards,
--
Encolpe DEGOUTE
http://encolpe.degoute.free.fr/
Logiciels libres, hockey sur glace et autres activités cérébrales
More information about the pkg-zope-developers
mailing list