Summary: | net-zope/zope <2.9.10 <2.10.7 PythonScripts Denial of Service (CVE-2008-5102) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | net-zope+disabled |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-11-11 16:37:19 UTC
Tupone, do these contain the fix?

*zope-2.10.7 (10 Nov 2008)
*zope-2.9.10 (10 Nov 2008)

10 Nov 2008; Tupone Alfredo <tupone@gentoo.org> +zope-2.9.10.ebuild, +zope-2.10.7.ebuild:
Version bump to 2.9.10 and 2.10.7.

Yes. They do!

Arches, please test and mark stable:
=net-zope/zope-2.9.10
=net-zope/zope-2.10.7
Target keywords : "alpha amd64 ppc sparc x86"

amd64/x86 stable

ppc stable

alpha/sparc stable

Ready for voting.

CVE-2008-5102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5102):
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

I vote NO.

Manager can shutdown application? NO!