It seems that Debian, on Agoust, made a security update on zope2.10,
zope2.11 and zope-common.
zope2.10 (this package)
zope2.11 (2.11.4-1) unstable; urgency=high
* New upstream release, fixes two vulnerabilities in the ZEO network
protocol: CVE-2009-0668 and CVE-2009-0669. (closes: #540463)
* Add support to start a particular instance to initscript.
* Bump pre-depends on zope-common to 0.5.49 and build-depends on debhelper
to 0.3.14 to use invoke-rc.d in maintainer scripts. (closes: #540158)
* Set urgency=high as this upload fixes two serious bugs.
-- Jonas Meurer <m...@debian.org> Sun, 09 Aug 2009 16:00:28 +0200
zope-common (0.5.49) unstable; urgency=high
* add zope2.12 to known zope releases in dzhandle.
* bump standards-version to 3.8.2, noch changes needed.
* bump debhelper compat level to 6.
* add russian debconf translation, thanks to Yuri Kozlov. (closes: #539466)
* add spanish debconf translation, thanks to Fernando González de Requena.
(closes: #539588)
* use 'invoke-rc.d zopeZVER restart INSTANCE=<name>' to restart pending zope
instances in DZRestartPendingInstances.run().
* add Breaks: zope2.7, zope2.8, zope2.9, zope2.10 (<< 2.10.9), zope2.11
(<< 2.11.4) for that reason.
* set urgency=high for that reason.
-- Jonas Meurer <m...@debian.org> Mon, 10 Aug 2009 14:44:40 +0200
Ubuntu, on karmic, synced only zope2.10 breaking the dependences on
zope-common, this bug report.
For lucid I suggest a sync/merge with upstream.
For karmic?
A SRU with the right dependences closes this bug, but doesn't solve the bug
mentioned on changelog.
How we proceed in this case?
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0668
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0669
--
Depends by zope-common version not available
https://bugs.launchpad.net/bugs/418008
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
