* 2006-12-06 23:08, Encolpe Degoute wrote: > Moritz Muehlenhoff a écrit : > > Package: zope-cmfplone > > Severity: grave > > Tags: security > > Justification: user security hole > > > > I don't know very much about Plone and I didn't investigate too deeply > > as Sarge is not affected, but I suppose this needs to be fixed for Etch: > > > > http://plone.org/about/security/advisories/cve-2006-4249/ > > > > | PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1) > > | has a potential vulnerability that allows a user to > > | masquerade as a group. Please update your sites. > > > > Applying the hotfix is probably preferable to upgrading to 2.5.2. > > +1 > > There's no Plone 2.5.2 release before january, apply the patch is the > solution for etch.
I'm working on this issue, and I'll upload the fix to unstable ASAP. Cheers, -- Fabio Tranchitella http://www.kobold.it Free Software Developer and Consultant http://www.tranchitella.it _____________________________________________________________________ 1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
