I think it is better it this email is also part of this bug report (this email was sent on Oct 21)
----- Forwarded message from debdev ----- To: debian-devel@lists.debian.org Cc: [EMAIL PROTECTED] Subject: zope2.7 security fix (for bug 334055) Reply-To: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] hi everybody I have (hopefully) fixed the bug 334055 of zope2.7, that is a security alert. Note that my patch is much smaller than the original hotfix, which included also some new features such as nl and ca languages - - but usually we do not add new features in Debian when releasing security upgrades. --------- testing This is the updated binary for testing/etch http://tonelli.sns.it/pub/mennucc1/zope/debian/etch-security/zope2.7_2.7.5-3sec1.deb I will not upload it to secure-testing-master since it violates point 1 at http://secure-testing-master.debian.net/ "Only upload changes that have already been made in unstable." People in the pkg-zope-team are introducing in unstable a completely different zope framework. --------- sarge This is the proposed update for stable/sarge : http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope2.7_2.7.5-2sec1_source.changes unfortunately I do not have available a clean sarge environment, so you have to compile it. This is the diff w.r.t the older version http://tonelli.sns.it/pub/mennucc1/zope/debian/sarge-security/zope-hotfix_2005-10-09-sarge.diff Warning: do not apply that patch to the installed files of zope2.7, it will not work. Compile the above source, or help me use a sarge buildd. a. ps: I wrote to the security team asking info on the sarge upload, never got an answer. Question: can I upload a source-only to sarge-security? ps2: I would also appreciate if someone who understands what 334055 is about would compile and test my fix to see if it really works. ----- End forwarded message -----
signature.asc
Description: Digital signature
