Bug 706932 - VUL-0: potential zope issue?
VUL-0: potential zope issue?
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
Other Other
: P5 - None : Major
: ---
Assigned To: Ruediger Oertel
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2011-07-20 08:23 UTC by Sebastian Krahmer
Modified: 2011-08-02 15:11 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2011-07-20 08:23:45 UTC
Via CVE diff script:

Name: CVE-2011-2528

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x
+and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via
+unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because
+of an incorrect fix for CVE-2011-0720.

Reference: MLIST: https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=718824
Reference: MLIST: http://www.openwall.com/lists/oss-security/2011/07/12/9
Reference: MLIST: http://www.openwall.com/lists/oss-security/2011/07/04/6
Reference: SECUNIA: http://secunia.com/advisories/45111
Reference: SECUNIA: http://secunia.com/advisories/45056
Reference: CONFIRM: http://plone.org/products/plone/security/advisories/20110622
Reference: CONFIRM: http://plone.org/products/plone-hotfix/releases/20110622
Comment 3 Ruediger Oertel 2011-08-01 23:36:20 UTC
code9: zope 2.7.7
code10: zope 2.7.8 and zope3 3.1.0
Comment 4 Ruediger Oertel 2011-08-01 23:37:10 UTC
no affected version shipped, can I close this one ?
Comment 5 Thomas Biege 2011-08-02 15:10:38 UTC
yes, thanks
Comment 6 Thomas Biege 2011-08-02 15:11:11 UTC
doesnt affect us