CVE-2010-1104 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1104): Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
2.9 and 2.10 done. Missing 2.12
net-zope/zope-2.12.3 was added to the tree on 2010-01-18. (I'm in net-zope alias.)
We had stable releases of 2.9.x and 2.10.x, so we need to stabilize those. Are 2.10.11 and 2.9.12 read to go stable? If so, please add arches. Please remove vulnerable versions afterwards.
Note: by afterwards I mean after all arches are stable, not after adding arches.
Please stabilize: net-zope/zope-2.9.12 net-zope/zope-2.10.11
I tested both versions on x86, they seem to be fine.
stable x86, thanks Andreas
ppc done
amd64 stable
alpha/sparc stable
XSS →noglsa