From fmysh at iijmio-mail.jp Thu Oct 19 11:59:57 2006
From: fmysh at iijmio-mail.jp (TAOKA Fumiyoshi)
Date: Thu Oct 19 12:00:02 2006
Subject: zope -- restructuredText "csv_table" Information Disclosure
Message-ID: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp>

zope -- restructuredText "csv_table" Information Disclosure
http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html

It is said that affected packages are zope >= 0 in the VuXML entry.
While referenced pages in the entry say that they are:
Zope 2.7.0 - 2.7.9
Zope 2.8.0 - 2.8.8

http://www.securityfocus.com/bid/20022
http://www.vuxml.org/freebsd/CVE-2006-4684.html
http://secunia.com/advisories/21947/
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/
README.txt

I hope this is useful.

--
TAOKA Fumiyoshi

From infofarmer at FreeBSD.org Thu Oct 19 12:52:24 2006
From: infofarmer at FreeBSD.org (Andrew Pantyukhin)
Date: Thu Oct 19 12:52:26 2006
Subject: zope -- restructuredText "csv_table" Information Disclosure
In-Reply-To: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp>
References: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp>
Message-ID:

On 10/19/06, TAOKA Fumiyoshi wrote:
> zope -- restructuredText "csv_table" Information Disclosure
> http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html
>
> It is said that affected packages are zope >= 0 in the VuXML entry.
> While referenced pages in the entry say that they are:
> Zope 2.7.0 - 2.7.9
> Zope 2.8.0 - 2.8.8
>
> http://www.securityfocus.com/bid/20022
> http://www.vuxml.org/freebsd/CVE-2006-4684.html
> http://secunia.com/advisories/21947/
> http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/
> README.txt

The vulnerability has been confirmed in these versions, but
as far as we know there are no versions confirmed to be safe
yet. To be on the safe side we never put an upper limit on
version numbers until we know it for sure.

Thanks!