r2532 - in zope2.12/trunk/debian (3 files)
mejo at users.alioth.debian.org
Thu Oct 27 10:14:16 UTC 2011
Date: Thursday, October 27, 2011 @ 10:14:14
Author: mejo
Revision: 2532
add patch for recent serious authentication vulnerability
Added:
zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
Modified:
zope2.12/trunk/debian/changelog
zope2.12/trunk/debian/patches/series
Modified: zope2.12/trunk/debian/changelog
===================================================================
--- zope2.12/trunk/debian/changelog 2011-10-26 17:35:27 UTC (rev 2531)
+++ zope2.12/trunk/debian/changelog 2011-10-27 10:14:14 UTC (rev 2532)
@@ -2,8 +2,13 @@
* NOT RELEASED YET.
* Update Homepage field to point to correct page http://zope2.zope.org/.
+ * Add debian/patches/Zope2-fix_serious_authentication_vulnerability.patch,
+ fixing a serious authentication vulnerability in stock configuration.
+ No CVE number assigned yet.
+ See https://mail.zope.org/pipermail/zope-dev/2011-October/043592.html
+ for further information.
- -- Jonas Meurer <mejo at debian.org> Tue, 18 Oct 2011 11:11:54 +0200
+ -- Jonas Meurer <mejo at debian.org> Thu, 27 Oct 2011 12:06:10 +0200
zope2.12 (2.12.20-1) unstable; urgency=low
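Review bot: The new changelog entry says only that the patch fixes "a serious authentication vulnerability in stock configuration" and never states what the patch changes. Naming the change (the added InitializeClass(BasicUserFolder) call in AccessControl/User.py) would let an administrator reading the changelog judge the fix without opening the patch file. The "No CVE number assigned yet." line should be replaced with the identifier once one is assigned, so the entry can be matched against security trackers.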
Added: zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch
===================================================================
--- zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch (rev 0)
+++ zope2.12/trunk/debian/patches/Zope2-fix_serious_authentication_vulnerability.patch 2011-10-27 10:14:14 UTC (rev 2532)
@@ -0,0 +1,15 @@
+Description: Fix serious authentication vulnerability in stock configuration.
+Author: Zope Foundation and Contributors <zope-dev at zope.org>
+Last-Update: 2011-10-24
+
+--- source/Zope2/src/AccessControl/User.py
++++ source/Zope2/src/AccessControl/User.py
+@@ -1027,6 +1027,8 @@
+ """ returns true if domain auth mode is set to true"""
+ return getattr(self, '_domain_auth_mode', None)
+
++InitializeClass(BasicUserFolder)
++
+
+ class UserFolder(BasicUserFolder):
+
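Review bot: The patch header carries Description, Author and Last-Update but no pointer to where the fix came from; the zope-dev announcement URL appears only in debian/changelog. Adding it to the header, for example as an Origin: or Bug: field, keeps the reference with the patch file itself. The added InitializeClass(BasicUserFolder) line also relies on InitializeClass being in scope at module level in User.py, which the context lines of the hunk do not show, so that is worth confirming against the unpacked source.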
Modified: zope2.12/trunk/debian/patches/series
===================================================================
--- zope2.12/trunk/debian/patches/series 2011-10-26 17:35:27 UTC (rev 2531)
+++ zope2.12/trunk/debian/patches/series 2011-10-27 10:14:14 UTC (rev 2532)
@@ -3,3 +3,4 @@
Zope2-webdav_urljoin.patch
Zope2-deb_zopeconf.patch
ZODB3-fix_shebang.patch
+Zope2-fix_serious_authentication_vulnerability.patch