Bug#449523: Plone interprets network data as Python pickles [CVE-2007-5741]

Thijs Kinkhorst thijs at debian.org
Tue Nov 6 09:53:30 UTC 2007


Package: zope-cmfplone
Version: 2.5.1-4
Severity: grave
Tags: patch security

Hi!

The Plone security team has issued an advisory concerning Plone:

On Tuesday 6 November 2007 10:38, Wichert Akkerman wrote:
> We've published the advisory:
> http://plone.org/about/security/advisories/cve-2007-5741

A hotfix is available. It seems at least stable, testing and unstable are
affected; oldstable is unclear.

Could you please:
- Prepare updated packages for (old)stable containing this fix and send them 
to the security team for review?
- Fix the issue in sid and upload with high urgency?

In both cases please mention CVE-2007-5741 in the changelog.


thanks,

Thijs Kinkhorst