Summary: | <net-zope/ldapuserfolder-2.20 authentication bypass (CVE-2010-2944) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | net-zope+disabled |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/41022 | | |
Whiteboard: | ~1 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2010-08-24 21:03:08 UTC
@net-zope, thoughts? I could not find a fixed version from the upstream, but there appears to be a one-line fix in the Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593466. Vulnerable ebuilds have been removed from the tree. Please don't close security bugs. Fixed in 2.20 according to http://pypi.python.org/pypi/Products.LDAPUserFolder#id1.