r2532 - in zope2.12/trunk/debian (3 files)

mejo at users.alioth.debian.org mejo at users.alioth.debian.org
Thu Oct 27 10:14:16 UTC 2011


    Date: Thursday, October 27, 2011 @ 10:14:14
  Author: mejo
Revision: 2532

add patch for recent serious authentication vulnerability

Added:
  zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
Modified:
  zope2.12/trunk/debian/changelog
  zope2.12/trunk/debian/patches/series

Modified: zope2.12/trunk/debian/changelog
===================================================================
--- zope2.12/trunk/debian/changelog	2011-10-26 17:35:27 UTC (rev 2531)
+++ zope2.12/trunk/debian/changelog	2011-10-27 10:14:14 UTC (rev 2532)
@@ -2,8 +2,13 @@
 
   * NOT RELEASED YET.
   * Update Homepage field to point to correct page http://zope2.zope.org/.
+  * Add debian/patches/Zope2-fix_serious_authentication_vulnerability.patch,
+    fixing a serious authentication vulnerability in stock configuration.
+    No CVE number assigned yet.
+    See https://mail.zope.org/pipermail/zope-dev/2011-October/043592.html
+    for further information.
 
- -- Jonas Meurer <mejo at debian.org>  Tue, 18 Oct 2011 11:11:54 +0200
+ -- Jonas Meurer <mejo at debian.org>  Thu, 27 Oct 2011 12:06:10 +0200
 
 zope2.12 (2.12.20-1) unstable; urgency=low
 
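Review bot: the new changelog entry states "No CVE number assigned yet" and points only to the zope-dev post, so nothing in it lets this upload be matched to an identifier later. Add the CVE id to this entry once one is assigned, before the "NOT RELEASED YET" marker is dropped. Since the entry itself calls the issue serious, also check that the header line of this entry, which sits above the hunk, does not carry the urgency=low seen on 2.12.20-1.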

Added: zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
===================================================================
--- zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	                        (rev 0)
+++ zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch	2011-10-27 10:14:14 UTC (rev 2532)
@@ -0,0 +1,15 @@
+Description: Fix serious authentication vulnerability in stock configuration.
+Author: Zope Foundation and Contributors <zope-dev at zope.org>
+Last-Update: 2011-10-24
+
+--- source/Zope2/src/AccessControl/User.py
++++ source/Zope2/src/AccessControl/User.py
+@@ -1027,6 +1027,8 @@
+         """ returns true if domain auth mode is set to true"""
+         return getattr(self, '_domain_auth_mode', None)
+ 
++InitializeClass(BasicUserFolder)
++
+ 
+ class UserFolder(BasicUserFolder):
+ 
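Review bot: the patch header has Description, Author and Last-Update but no Origin or Bug field, although the changelog in this same commit cites the zope-dev post as the source. Add that URL as an Origin: (or Bug:) line so the patch file carries its own provenance. The Description also repeats the patch title without saying why a module-level InitializeClass(BasicUserFolder) placed just before class UserFolder closes the hole; one sentence on that would help whoever rebases this onto the next upstream release. The embedded hunk shows no import, so confirm that InitializeClass is already in scope in AccessControl/User.py at that point.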

Modified: zope2.12/trunk/debian/patches/series
===================================================================
--- zope2.12/trunk/debian/patches/series	2011-10-26 17:35:27 UTC (rev 2531)
+++ zope2.12/trunk/debian/patches/series	2011-10-27 10:14:14 UTC (rev 2532)
@@ -3,3 +3,4 @@
 Zope2-webdav_urljoin.patch
 Zope2-deb_zopeconf.patch
 ZODB3-fix_shebang.patch
+Zope2-fix_serious_authentication_vulnerability.patch



