Date: Tue, 12 Dec 2006 08:19:54 +0900
From: "HAYASHI Yasushi" <yasi@yasi.to>
To: freebsd-vuxml@freebsd.org
Subject: Re: zope -- restructuredText "csv_table" Information Disclosure
Message-ID: <dcf270660612111519t33aed8egddd454d40bc94add@mail.gmail.com>

On 10/19/06, Andrew Pntyukhim wrote:
> The vulnerability has been confirmed in these versions,
> but as far as we know there are no versions confirmed
> to be safe yet. To be on the safe side we never put an
> upper limit on version numbers until we know it for
> sure.

Please add an upper limit to vid="65a8f773-4a37-11db-a4cc-000a48049292".
There are two reasons.

(1) I sent PRs for this vulnerability.
These will update www/zope to zope-2.7.9_1 and www/zope28 to zope-2.8.8_1.
See:
http://www.freebsd.org/cgi/query-pr.cgi?pr=106505
http://www.freebsd.org/cgi/query-pr.cgi?pr=106508

(2) It points to TOO wide a range.
The current range causes problems for www/zope3, which does not have this vulnerability.

> > vxquery -t text /usr/ports/security/vuxml/vuln.xml zope-3.3.0
> Topic: zope -- restructuredText "csv_table" Information Disclosure
> Affects:
>         0 <= zope
> References:
>         bid:20022
>         cvename:CVE-2006-4684
>         url:http://secunia.com/advisories/21947/
>         url:http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
> <URL:http://vuxml.freebsd.org/65a8f773-4a37-11db-a4cc-000a48049292.html>
>
>
>
> www# pwd
> /usr/ports/www/zope3
> www# make fetch
> ===>  zope-3.3.0 has known vulnerabilities:
> => zope -- restructuredText "csv_table" Information Disclosure.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/65a8f773-4a37-11db-a4cc-000a48049292.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/www/zope3.
> www#

Thank you for reading.

-- 
----+----1----+----2----+----3----+----4----+----5----+----6----+----7--
HAYASHI Yasushi <yasi@yasi.to>
http://www.yasi.to/blog
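
The range problem described in the message above, as an added example (not part of the original e-mail, and not the VuXML or portaudit code): a simplified matcher showing why the open-ended `0 <= zope` range flags zope-3.3.0 while ranges with an upper limit do not. The bounded ranges are hypothetical, derived only from the fixed versions named in the message, and the version comparison is an assumption that handles dotted numbers plus a `_N` port revision, not the full ports version grammar.

```python
import operator
import re

OPS = {"ge": operator.ge, "gt": operator.gt, "le": operator.le, "lt": operator.lt}

def parse_version(v):
    """Split 'X.Y.Z_N' into ((X, Y, Z), N); a missing _N counts as revision 0.
    Simplified on purpose: numeric components and _PORTREVISION only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def in_range(version, rng):
    """True if version satisfies every bound in one range, e.g. {'ge': .., 'lt': ..}."""
    v = parse_version(version)
    return all(OPS[op](v, parse_version(bound)) for op, bound in rng.items())

def affected(pkg, entry):
    """Match a 'name-version' package string against an entry's name and ranges."""
    name, _, version = pkg.rpartition("-")
    return name == entry["name"] and any(in_range(version, r) for r in entry["ranges"])

# The range as reported by vxquery in the message: "0 <= zope", no upper limit.
OPEN_ENTRY = {"name": "zope", "ranges": [{"ge": "0"}]}

# Hypothetical bounded ranges (assumption): upper limits taken from the fixed
# versions zope-2.7.9_1 and zope-2.8.8_1 mentioned in the message; the lower
# bounds 2.7.0 and 2.8.0 are constructed for illustration.
BOUNDED_ENTRY = {
    "name": "zope",
    "ranges": [
        {"ge": "2.7.0", "lt": "2.7.9_1"},
        {"ge": "2.8.0", "lt": "2.8.8_1"},
    ],
}

def compare(packages):
    """Return {pkg: (flagged_by_open_range, flagged_by_bounded_ranges)}."""
    return {p: (affected(p, OPEN_ENTRY), affected(p, BOUNDED_ENTRY)) for p in packages}

if __name__ == "__main__":
    # Constructed sample package strings.
    for pkg, (open_hit, bounded_hit) in compare(
        ["zope-2.7.9", "zope-2.7.9_1", "zope-2.8.8_1", "zope-3.3.0"]
    ).items():
        print(f"{pkg:14} open-ended: {open_hit!s:5}  bounded: {bounded_hit}")
```
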