Your message dated Wed, 06 Mar 2013 10:17:55 +0000
with message-id <e1udbq3-0007f0...@franck.debian.org>
and subject line Bug#692899: fixed in zope2.12 2.12.26-1
has caused the Debian Bug report #692899,
regarding zope2.12: [CVE-2012-5485 to 5508] Multiple vectors corrected within 20121106 fix
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
692899: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zope2.12
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see: http://seclists.org/oss-sec/2012/q4/249
Can you confirm if any of the Debian packages are affected?
Cheers,
luciano
--- End Message ---
--- Begin Message ---
Source: zope2.12
Source-Version: 2.12.26-1
We believe that the bug you reported is fixed in the latest version of
zope2.12, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Fontaine <ar...@debian.org> (supplier of updated zope2.12 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 06 Mar 2013 18:46:14 +0900
Source: zope2.12
Binary: zope2.12 zope2.12-sandbox
Architecture: source amd64 all
Version: 2.12.26-1
Distribution: unstable
Urgency: high
Maintainer: Debian/Ubuntu Zope Team <pkg-zope-develop...@lists.alioth.debian.org>
Changed-By: Arnaud Fontaine <ar...@debian.org>
Description:
 zope2.12 - Open Source Web Application Server
 zope2.12-sandbox - sandbox instance for the zope2.12 web application server
Closes: 656552 692899
Changes:
 zope2.12 (2.12.26-1) unstable; urgency=high
 .
   * New upstream release. Closes: #692899.
     + Fix Reflexive HTTP header injection (CVE-2012-5486).
     + Fix Timing attack in password validation (CVE-2012-5507).
     + Fix PRNG which wasn't reseeded (CVE-2012-5508).
   * debian/patches/CVE-2012-5505.patch:
     + Fix Attempting to access a view with no name returns an internal
       data structure (CVE-2012-5505). Thanks to Tres Seaver. Closes: #692899.
   * debian/control:
     + Bump zope.common required version as the debconf template
       has been updated. Closes: #656552.
   * debian/rules:
     + As dh_python (>= 2.7.3-1) rewrites shebangs by default, overriding
       dh_auto_install to fix shebangs does not work anymore as dh_python2 is
       called afterwards, instead use dh_python2 to rewrite them.
       - debian/control: bump python Build-Depends.
       - Drop now useless ZODB3-fix_shebang.patch.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlE3EqQACgkQvfKiIF42GdOxUwCfQq0lWmTtSGXb+xLN5JbLn1TR
7LMAn3yDU9zN9n1CJ/tswT0XyhNxVMfz
=SRO9
-----END PGP SIGNATURE-----
--- End Message ---