r2685 - in zope2.12/trunk/debian (changelog)
arnau at users.alioth.debian.org
arnau at users.alioth.debian.org
Sat Nov 24 04:36:57 UTC 2012
Date: Saturday, November 24, 2012 @ 04:36:54
Author: arnau
Revision: 2685
Prepare upload of Zope 2.12.26 (security release).
Modified:
zope2.12/trunk/debian/changelog
Modified: zope2.12/trunk/debian/changelog
===================================================================
--- zope2.12/trunk/debian/changelog 2012-09-28 02:47:00 UTC (rev 2684)
+++ zope2.12/trunk/debian/changelog 2012-11-24 04:36:54 UTC (rev 2685)
@@ -1,3 +1,12 @@
+zope2.12 (2.12.26-1) UNRELEASED; urgency=high
+
+ * New upstream release.
+ + Fix Reflexive HTTP header injection (CVE-2012-5486).
+ + Fix Timing attack in password validation (CVE-2012-5507).
+ + Fix PRNG which wasn't reseeded (CVE-2012-5508).
+
+ -- Arnaud Fontaine <arnau at debian.org> Sat, 24 Nov 2012 13:36:11 +0900
+
zope2.12 (2.12.23-1) unstable; urgency=low
* New upstream release.
More information about the pkg-zope-developers
mailing list