New Plone issues

Salvatore Bonaccorso carnil at debian.org
Fri Dec 13 16:40:06 UTC 2013


Hi,

On Fri, Dec 13, 2013 at 05:16:51PM +0200, Gediminas Paulauskas wrote:
> 2013/12/13 Moritz Muehlenhoff <jmm at debian.org>
> 
> > Hi,
> > there are three new CVE assignments for issues in Plone. I vaguely
> > remember that this seems
> > to be related to Zope, but I don't have a full picture of the packages.
> > Does any of this affect Debian?
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7060 (non issue in
> > Debian)
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7061
> 
> 
> Both are not relevant, because Plone is not available in Debian.
> 
> 
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7062
> 
> 
> The affected file exists in zope2.12 package, available in wheezy only.
> This patch has not been merged to the 2.12 branch, and a release has not
> been made.
> 
> The version in wheezy is 2.12.26 and there are two more upstream releases
> containing security-related fixes (nothing else is being done to this old
> branch).
> 
> https://github.com/zopefoundation/Zope/blob/2.12/doc/CHANGES.rst

Thanks! I have updated the security-tracker with this information.

Regards,
Salvatore



More information about the pkg-zope-developers mailing list