Linux Security
    Linux Security
    Linux Security

    Debian: New Version of zope released

    Date 21 Aug 2000
    3188
    Posted By LinuxSecurity Advisories
    On versions of Zope prior to 2.2.1 it was possible for a user with theability to edit DTML to gain unauthorized access to extra roles during arequest. A fix was previously announced in the Debian zope package2.1.6-5.1, but that package did not fully address the issue and has beensuperseded by this announcement.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                            Michael Stone
    August 21, 2000
    - ------------------------------------------------------------------------
    
    Package: zope
    Vulnerability type: remote unprivileged access
    Debian-specific: no
    
    On versions of Zope prior to 2.2.1 it was possible for a user with the
    ability to edit DTML to gain unauthorized access to extra roles during a
    request. A fix was previously announced in the Debian zope package
    2.1.6-5.1, but that package did not fully address the issue and has been
    superseded by this announcement. More information is available at 
    https://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert
    
    Debian 2.1 (slink) did not include zope, and is not vulnerable. Debian
    2.2 (potato) does include zope and is vulnerable to this issue. A fixed
    package for Debian 2.2 (potato) is available in zope 2.1.6-5.2.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian did not include zope and is not vulnerable.
    
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Source archives:
        
    https://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.diff.gz
          MD5 checksum: 2b2a0c23b842b5799520c57de2678292
        
    https://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.dsc
          MD5 checksum: 04b8ff47d816bdeb5291e372e5e10006
     
    https://security.debian.org/dists/potato/updates/main/source/zope_2.1.6.orig.tar.gz
          MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
      Alpha architecture:
        
    https://security.debian.org/dists/potato/updates/main/binary-alpha/zope_2.1.6-5.2_alpha.deb
          MD5 checksum: 0f7062e8a0b7449887cba647de996fda
      Arm architecture:
        
    https://security.debian.org/dists/potato/updates/main/binary-arm/zope_2.1.6-5.2_arm.deb
          MD5 checksum: 64ce5c2f0edb255ccc89b8006cc2f0d2
      Intel ia32 architecture:
        
    https://security.debian.org/dists/potato/updates/main/binary-i386/zope_2.1.6-5.2_i386.deb
          MD5 checksum: b105defbc9f1d66bb2cb89ef05b94d40
      Motorola 680x0 architecture:
        Will be available shortly
      PowerPC architecture:
        Will be available shortly
      Sun Sparc architecture:
        
    https://security.debian.org/dists/potato/updates/main/binary-sparc/zope_2.1.6-5.2_sparc.deb
          MD5 checksum: d1cefd0a6d40e3b1f00889b7b2d489a9
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.2 (GNU/Linux)
    Comment: For info see  https://www.gnupg.org
    
    iQCVAwUBOaEhTA0hVr09l8FJAQHnewQAnD5faWwqBRiDhUiIwOFRpBw5a3kdFifo
    yecN02T7daxX1hP8JJ9SFVwC+CvTax+rs+0pAhPDPljbiLy+ink0gGI8rGNffeZW
    qI+wvZRw3gdGynwYmP2c7ssiR3HyF6rh69DVZFeqytWnL3fS9IQi5HxdLTWP2tQi
    LcgLcGCht/Q=
    =6Ym9
    -----END PGP SIGNATURE-----
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"12","type":"x","order":"1","pct":6.42,"resources":[]},{"id":"159","title":"False","votes":"175","type":"x","order":"2","pct":93.58,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    You have already voted for this poll.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.