Debian Security Advisory
DSA-007-1 zope -- insufficient protection
- Date Reported:
- 20 Dec 2000
- Affected Packages:
- zope
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- A busy week for the Zope team: on Monday another security
alert was released, revealing a potential problem found by Peter Kelly. The
problem involved incorrect protection of data updates for Image and File
objects: any user with DTML editing privileges could update the File or Image
object data directly.
This has been fixed in version 2.1.6-5.4 by including the 2000-12-19 hotfix, and we recommend that you upgrade your zope package immediately.
- Fixed in:
- Debian 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.4.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.4.dsc
- http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
- alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-5.4_alpha.deb
- arm:
- http://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-5.4_arm.deb
- i386:
- http://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-5.4_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-5.4_m68k.deb
- powerpc:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-5.4_powerpc.deb
- sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-5.4_sparc.deb