CVE-2007-0240 - zope2.7 - #416500
Noah Meyerhans
noahm at debian.org
Wed Mar 28 16:46:35 UTC 2007
On Wed, Mar 28, 2007 at 05:12:49PM +0200, Jérémy Bobbio wrote:
> CVE-2007-0240 which is described on zope.org [1] affects the zope2.7
> package in Debian Sarge. This bug is #416500.
>
> [1] http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
>
> Upstream did not provide a fixed version for Zope 2.7, but I made a
> backport of the differences between Zope 2.8.8 and Zope 2.8.9 related
> to the security issue.
>
> My tests showed no regressions and a fix of the issue. Attached, you
> will find the .diff.gz and .dsc of a possible fixed package that I am
> willing to upload.
>
> I am awaiting your instructions on what to do next.
Thank you for your efforts in backporting this security fix. I've
reviewed your changes and my only complaint is that a security upload is
not the right time to add yourself to the Uploaders field. I would
prefer that you revert that change. Beyond that, things look good and
you should upload to stable-security.
noah