I have prepared a security release of the Zope 2.1.6 Debian package in order to fix the DTML vulnerability in Zope reported yesterday (cf. http://yyy.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert), The new package is currently in Debian's incoming queue. The temporary URL is http://incoming.debian.org/zope_2.1.6-5_i386.deb Hopefully it will be moved into potato and woody by the release manager RSN. Please read the security alert mentioned above and consider upgrading your site to 2.1.6-5. The package fixes the possible exploit by including the Hotfix_06_16_2000 product. If you install 2.1.6-5, you don't need to install the Hotfix nor apply DT_String.py.diff nor do you need to upgrade to 2.1.7. Gregor Hoffleit <flight@debian.org>
Attachment:
pgpAlMAbXEBdZ.pgp
Description: PGP signature