[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

zope2.7 security fix (for bug 334055)

hi everybody

I have (hopefully) fixed the bug 334055 of  zope2.7, that is  a security alert.

Note that my patch is much smaller than the original hotfix,
which included also some new features such as nl and ca languages -
- but usually we do not add new features in Debian when releasing security

--------- testing

This is the updated binary for testing/etch

I will not upload it to secure-testing-master since it violates point 1 at
"Only upload changes that have already been made in unstable."
People in the pkg-zope-team are  introducing in unstable a completely
different zope framework.

--------- sarge

This is the proposed update for stable/sarge :
unfortunately I do not have available a clean sarge environment, so
you have to compile it.

This is the diff w.r.t the older version

Warning: do not apply that patch to the installed files of zope2.7,
it will not work. Compile the above source, or help me use a sarge buildd.


ps: I wrote to the security team asking info on the sarge upload, never
 got an answer.  Question: can I upload a source-only to sarge-security?

ps2: I would also appreciate if someone who understands what 334055 is about
 would compile and test my fix to see if it really works.

Andrea Mennucc
 "E' un mondo difficile. Che vita intensa!" (Tonino Carotone)

Attachment: signature.asc
Description: Digital signature

Reply to: