From owner-freebsd-vuxml@FreeBSD.ORG Thu Oct 19 19:52:24 2006 Return-Path: X-Original-To: freebsd-vuxml@freebsd.org Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABE1A16A407 for ; Thu, 19 Oct 2006 19:52:24 +0000 (UTC) (envelope-from infofarmer@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8383B43D67 for ; Thu, 19 Oct 2006 19:52:12 +0000 (GMT) (envelope-from infofarmer@gmail.com) Received: by ug-out-1314.google.com with SMTP id m2so484338uge for ; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Vq2AEjS0W0UGu4XLO/Vc6lS0AWRqKqt/ZxUJ3JXx0Bzde7WTdAd2pgY2833BKaXJ9QIWx+udthE1UZ1sZI1K03yygPs4GSoQwHvFlMCAhLVNyMNCMp9gxdI4UhxFrj1gPm0S18kk9kWO61+5zCDZuxpKVD+kl/s4wtD0pRvAeVs= Received: by 10.78.200.3 with SMTP id x3mr478478huf; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) Received: by 10.78.167.16 with HTTP; Thu, 19 Oct 2006 12:52:12 -0700 (PDT) Message-ID: Date: Thu, 19 Oct 2006 23:52:12 +0400 From: "Andrew Pantyukhin" Sender: infofarmer@gmail.com To: "TAOKA Fumiyoshi" In-Reply-To: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <2EFE5905-D04D-4D29-BC26-8BC8B5D6AE31@iijmio-mail.jp> X-Google-Sender-Auth: 9b4c4b040c9537df Cc: freebsd-vuxml@freebsd.org Subject: Re: zope -- restructuredText "csv_table" Information Disclosure X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2006 19:52:24 -0000 On 10/19/06, TAOKA Fumiyoshi wrote: > zope -- restructuredText "csv_table" Information Disclosure > http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html > > It is said that affected packages are zope >= 0 in the VuXML entry. > While referenced pages in the entry say that they are: > Zope 2.7.0 - 2.7.9 > Zope 2.8.0 - 2.8.8 > > http://www.securityfocus.com/bid/20022 > http://www.vuxml.org/freebsd/CVE-2006-4684.html > http://secunia.com/advisories/21947/ > http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/ > README.txt The vulnerability has been confirmed in these versions, but as far as we know there are no versions confirmed to be safe yet. To be on the safe side we never put an upper limit on version numbers until we know it for sure. Thanks!