Package: zope-cmfplone Severity: grave Tags: security Justification: user security hole
I don't know very much about Plone and I didn't investigate too deeply as Sarge is not affected, but I suppose this needs to be fixed for Etch: http://plone.org/about/security/advisories/cve-2006-4249/ | PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1) | has a potential vulnerability that allows a user to | masquerade as a group. Please update your sites. Applying the hotfix is probably preferable to upgrading to 2.5.2. Cheers, Moritz -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
