Bugzilla – Bug 706932
VUL-0: potential zope issue?
Last modified: 2011-08-02 15:11:11 UTC
Via CVE diff script:
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x
+and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via
+unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because
+of an incorrect fix for CVE-2011-0720.
Reference: MLIST: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Reference: MLIST: http://www.openwall.com/lists/oss-security/2011/07/12/9
Reference: MLIST: http://www.openwall.com/lists/oss-security/2011/07/04/6
Reference: SECUNIA: http://secunia.com/advisories/45111
Reference: SECUNIA: http://secunia.com/advisories/45056
Reference: CONFIRM: http://plone.org/products/plone/security/advisories/20110622
Reference: CONFIRM: http://plone.org/products/plone-hotfix/releases/20110622
code9: zope 2.7.7
code10: zope 2.7.8 and zope3 3.1.0
no affected version shipped, can I close this one ?
doesnt affect us