zope -- restructuredText "csv_table" Information Disclosure

Andrew Pantyukhin infofarmer at FreeBSD.org
Thu Oct 19 12:52:24 PDT 2006


On 10/19/06, TAOKA Fumiyoshi <fmysh at iijmio-mail.jp> wrote:
> zope -- restructuredText "csv_table" Information Disclosure
> http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html
>
> It is said that affected packages are zope >= 0 in the VuXML entry.
> While referenced pages in the entry say that they are:
>     Zope 2.7.0 - 2.7.9
>     Zope 2.8.0 - 2.8.8
>
> http://www.securityfocus.com/bid/20022
> http://www.vuxml.org/freebsd/CVE-2006-4684.html
> http://secunia.com/advisories/21947/
> http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/
> README.txt

The vulnerability has been confirmed in these versions,
but as far as we know there are no versions confirmed
to be safe yet. To be on the safe side we never put an
upper limit on version numbers until we know it for
sure.

Thanks!


More information about the freebsd-vuxml mailing list