Comment 1 Tupone Alfredo 2010-04-07 12:49:40 UTC

2.9 and 2.10 done. Missing 2.12

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2010-04-07 20:16:12 UTC

net-zope/zope-2.12.3 was added to the tree on 2010-01-18.

(I'm in net-zope alias.)

Comment 3 Stefan Behte (RETIRED) 2010-04-09 15:58:38 UTC

We had stable releases of 2.9.x and 2.10.x, so we need to stabilize those.
Are 2.10.11 and 2.9.12 read to go stable? If so, please add arches.

Please remove vulnerable versions afterwards.

Comment 4 Stefan Behte (RETIRED) 2010-04-09 15:59:47 UTC

Note: by afterwards I mean after all arches are stable, not after adding arches.

Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2010-04-10 11:13:45 UTC

Please stabilize:
  net-zope/zope-2.9.12
  net-zope/zope-2.10.11

Comment 6 Andreas Schürch 2010-04-11 11:34:21 UTC

I tested both versions on x86, they seem to be fine.

Comment 7 Stefan Behte (RETIRED) 2010-04-11 14:03:03 UTC

CVE-2010-1104 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1104):
  Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12,
  2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and
  2.12.x before 2.12.3 allows remote attackers to inject arbitrary web
  script or HTML via vectors related to error messages.

Comment 8 Christian Faulhammer (RETIRED) 2010-04-12 12:40:30 UTC

stable x86, thanks Andreas

Comment 9 Brent Baude (RETIRED) 2010-04-15 15:59:39 UTC

ppc done

Comment 10 Markus Meier 2010-04-18 11:56:10 UTC

amd64 stable

Comment 11 Raúl Porcel (RETIRED) 2010-05-04 18:55:34 UTC

alpha/sparc stable

Comment 12 Alex Legler (RETIRED) 2010-05-05 04:52:08 UTC

XSS →noglsa