[Pkg-zope-developers] zope2.7 security fix (for bug 334055)

A Mennucc debdev at mennucci.sns.it
Fri Oct 21 10:25:07 UTC 2005


Hi everybody,

I have (hopefully) fixed bug 334055 of zope2.7, which is a security alert.

Note that my patch is much smaller than the original hotfix,
which also included some new features such as the nl and ca languages --
but usually we do not add new features in Debian when releasing security
upgrades.

--------- testing

This is the updated binary for testing/etch
http://tonelli.sns.it/pub/mennucc1/zope/debian/etch-security/zope2.7_2.7.5-3sec1.deb

I will not upload it to secure-testing-master since it violates point 1 at
http://secure-testing-master.debian.net/ 
"Only upload changes that have already been made in unstable."
People in the pkg-zope-team are introducing a completely
different zope framework in unstable.

--------- sarge

This is the proposed update for stable/sarge :
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope2.7_2.7.5-2sec1_source.changes
Unfortunately I do not have a clean sarge environment available, so
you have to compile it.

This is the diff w.r.t. the older version:
http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope-hotfix_2005-10-09-sarge.diff

Warning: do not apply that patch to the installed files of zope2.7;
it will not work. Compile the above source, or help me use a sarge buildd.

a.

PS: I wrote to the security team asking for info on the sarge upload, and never
 got an answer.  Question: can I upload a source-only to sarge-security?

PS2: I would also appreciate it if someone who understands what 334055 is about
 would compile and test my fix to see if it really works.

-- 
Andrea Mennucc
 "It's a difficult world. What an intense life!" (Tonino Carotone)