Very limited info from $url:

This release fixes a bug which could be exploited to create a denial-of-service in certain non-default configurations of Zope (CVE-2010-3198). All users of earlier 2.10.x versions of Zope should upgrade to this version.

The initial discussion of the issue appears to be at: https://bugs.launchpad.net/zope2/+bug/627988
The upstream bug (https://bugs.launchpad.net/zope2/+bug/627988) says this is fixed in Zope 2.10.12 and Zope 2.11.7. There appear to be many more recent versions in the tree. @net-zope, are any of the current packages a suitable stabilization target? Thank you.
CVE-2010-3198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3198): ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
Vulnerable versions are masked.
(In reply to comment #3)
> Vulnerable versions are masked.

Great, thanks. GLSA Vote: no.
Vote: NO. Closing noglsa.