From owner-freebsd-vuxml@FreeBSD.ORG  Thu Oct 19 19:52:24 2006
Return-Path: <owner-freebsd-vuxml@FreeBSD.ORG>
X-Original-To: freebsd-vuxml@freebsd.org
Delivered-To: freebsd-vuxml@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ABE1A16A407
	for <freebsd-vuxml@freebsd.org>; Thu, 19 Oct 2006 19:52:24 +0000 (UTC)
	(envelope-from infofarmer@gmail.com)
Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8383B43D67
	for <freebsd-vuxml@freebsd.org>; Thu, 19 Oct 2006 19:52:12 +0000 (GMT)
	(envelope-from infofarmer@gmail.com)
Received: by ug-out-1314.google.com with SMTP id m2so484338uge
	for <freebsd-vuxml@freebsd.org>; Thu, 19 Oct 2006 12:52:12 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
	b=Vq2AEjS0W0UGu4XLO/Vc6lS0AWRqKqt/ZxUJ3JXx0Bzde7WTdAd2pgY2833BKaXJ9QIWx+udthE1UZ1sZI1K03yygPs4GSoQwHvFlMCAhLVNyMNCMp9gxdI4UhxFrj1gPm0S18kk9kWO61+5zCDZuxpKVD+kl/s4wtD0pRvAeVs=
Received: by 10.78.200.3 with SMTP id x3mr478478huf;
	Thu, 19 Oct 2006 12:52:12 -0700 (PDT)
Received: by 10.78.167.16 with HTTP; Thu, 19 Oct 2006 12:52:12 -0700 (PDT)
Message-ID: <cb5206420610191252m124e59c7lb2b1deb2f4c4ad32@mail.gmail.com>
Date: Thu, 19 Oct 2006 23:52:12 +0400
From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
Sender: infofarmer@gmail.com
To: "TAOKA Fumiyoshi" <fmysh@iijmio-mail.jp>
In-Reply-To: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp>
X-Google-Sender-Auth: 9b4c4b040c9537df
Cc: freebsd-vuxml@freebsd.org
Subject: Re: zope -- restructuredText "csv_table" Information Disclosure
X-BeenThere: freebsd-vuxml@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documenting security issues in VuXML <freebsd-vuxml.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-vuxml>
List-Post: <mailto:freebsd-vuxml@freebsd.org>
List-Help: <mailto:freebsd-vuxml-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Oct 2006 19:52:24 -0000

On 10/19/06, TAOKA Fumiyoshi <fmysh@iijmio-mail.jp> wrote:
> zope -- restructuredText "csv_table" Information Disclosure
> http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html
>
> It is said that affected packages are zope >= 0 in the VuXML entry.
> While referenced pages in the entry say that they are:
>     Zope 2.7.0 - 2.7.9
>     Zope 2.8.0 - 2.8.8
>
> http://www.securityfocus.com/bid/20022
> http://www.vuxml.org/freebsd/CVE-2006-4684.html
> http://secunia.com/advisories/21947/
> http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/
> README.txt

The vulnerability has been confirmed in these versions,
but as far as we know there are no versions confirmed
to be safe yet. To be on the safe side we never put an
upper limit on version numbers until we know it for
sure.

Thanks!