zope -- restructuredText "csv_table" Information Disclosure
HAYASHI Yasushi
yasi at yasi.to
Mon Dec 11 15:20:35 PST 2006
On 10/19/06, Andrew Pntyukhim wrote:
> The vulnerability has been confirmed in these versions,
> but as far as we know there are no versions confirmed
> to be safe yet. To be on the safe side we never put an
> upper limit on version numbers until we know it for
> sure.
Please add an upper limit to vid="65a8f773-4a37-11db-a4cc-000a48049292".
There are two reasons.
(1) I sent PRs for this vulnerability
This will update www/zope to zope-2.7.9_1 and www/zope28 to zope-2.8.8_1.
See:
http://www.freebsd.org/cgi/query-pr.cgi?pr=106505
http://www.freebsd.org/cgi/query-pr.cgi?pr=106508
(2) It points to too wide a range
The current range triggers for www/zope3, which does not have this vulnerability.
> > vxquery -t text /usr/ports/security/vuxml/vuln.xml zope-3.3.0
> Topic: zope -- restructuredText "csv_table" Information Disclosure
> Affects:
> 0 <= zope
> References:
> bid:20022
> cvename:CVE-2006-4684
> url:http://secunia.com/advisories/21947/
> url:http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
> <URL:http://vuxml.freebsd.org/65a8f773-4a37-11db-a4cc-000a48049292.html>
>
> >
> www# pwd
> /usr/ports/www/zope3
> www# make fetch
> ===> zope-3.3.0 has known vulnerabilities:
> => zope -- restructuredText "csv_table" Information Disclosure.
> Reference: <http://www.FreeBSD.org/ports/portaudit/65a8f773-4a37-11db-a4cc-000a48049292.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/www/zope3.
> www#
Thank you for reading.
--
----+----1----+----2----+----3----+----4----+----5----+----6----+----7--
HAYASHI Yasushi <yasi at yasi.to>
http://www.yasi.to/blog
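
Added example (not part of the original message, and not the FreeBSD tooling's own code): a small range matcher showing why the open-ended `0 <= zope` entry quoted above flags zope-3.3.0 while a bounded entry does not. The bounded ranges, the `2.8.0` lower bound and the version comparison are assumptions made for illustration; the comparison is a simplified stand-in for the real ports version ordering.

```python
def parse_version(v):
    """Split 'X.Y.Z_N' into (numeric components, port revision).

    Simplified assumption: the real ports comparison also handles
    letters, epochs (',N') and other suffixes."""
    base, _, rev = v.partition("_")
    return [int(p) for p in base.split(".")], int(rev or 0)


def cmp_version(a, b):
    """Return -1, 0 or 1, like a three-way compare."""
    ka, kb = parse_version(a), parse_version(b)
    return (ka > kb) - (ka < kb)


# VuXML-style operators: ge (>=), gt (>), le (<=), lt (<)
OPS = {
    "ge": lambda c: c >= 0,
    "gt": lambda c: c > 0,
    "le": lambda c: c <= 0,
    "lt": lambda c: c < 0,
}


def in_range(version, rng):
    """True if the version satisfies every bound of one range."""
    return all(OPS[op](cmp_version(version, bound)) for op, bound in rng.items())


def affected(version, ranges):
    """True if the version falls inside any range of the entry."""
    return any(in_range(version, r) for r in ranges)


# Range as shown in the quoted vxquery output: "0 <= zope"
OPEN_ENDED = [{"ge": "0"}]

# Constructed bounded ranges (assumption, not the real VuXML entry), using
# the fixed versions named in the message: zope-2.7.9_1 and zope-2.8.8_1.
BOUNDED = [{"ge": "0", "lt": "2.7.9_1"}, {"ge": "2.8.0", "lt": "2.8.8_1"}]

if __name__ == "__main__":
    # 3.3.0 and the two fixed versions come from the message; the rest are constructed.
    for ver in ["2.7.9", "2.7.9_1", "2.8.8", "2.8.8_1", "3.3.0"]:
        print(f"zope-{ver:8} open-ended={affected(ver, OPEN_ENDED)!s:5} "
              f"bounded={affected(ver, BOUNDED)}")
```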