oss-sec mailing list archives

Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix


From: Matthew Wilkes <matthew.wilkes () plone org>
Date: Wed, 07 Nov 2012 16:30:53 +0000

Hi *,

Jan has asked me for a breakdown of what patches in our bulk hotfix relate to what issues, so here you go:

https://plone.org/products/plone/security/advisories/20121106/01 - registerConfiglet.py
https://plone.org/products/plone/security/advisories/20121106/02 - setHeader.py
https://plone.org/products/plone/security/advisories/20121106/03 - allowmodule.py
https://plone.org/products/plone/security/advisories/20121106/04 - python_scripts.py createObject
https://plone.org/products/plone/security/advisories/20121106/05 - get_request_var_or_attr.py
https://plone.org/products/plone/security/advisories/20121106/06 - kssdevel.py
https://plone.org/products/plone/security/advisories/20121106/07 - widget_traversal.py
https://plone.org/products/plone/security/advisories/20121106/08 - uid_catalog.py
https://plone.org/products/plone/security/advisories/20121106/09 - gtbn.py
https://plone.org/products/plone/security/advisories/20121106/10 - python_scripts.py {u,}translate
https://plone.org/products/plone/security/advisories/20121106/11 - python_scripts.py go_back
https://plone.org/products/plone/security/advisories/20121106/12 - kupu_spellcheck.py
https://plone.org/products/plone/security/advisories/20121106/13 - membership_tool.py
https://plone.org/products/plone/security/advisories/20121106/14 - queryCatalog.py
https://plone.org/products/plone/security/advisories/20121106/15 - python_scripts.py formatColumns
https://plone.org/products/plone/security/advisories/20121106/16 - renameObjectsByPaths.py
https://plone.org/products/plone/security/advisories/20121106/17 - at_download.py
https://plone.org/products/plone/security/advisories/20121106/18 - safe_html.py
https://plone.org/products/plone/security/advisories/20121106/19 - ftp.py
https://plone.org/products/plone/security/advisories/20121106/20 - widget_traversal.py
https://plone.org/products/plone/security/advisories/20121106/21 - atat.py
https://plone.org/products/plone/security/advisories/20121106/22 - python_scripts.py
https://plone.org/products/plone/security/advisories/20121106/23 - django_crypto.py
https://plone.org/products/plone/security/advisories/20121106/24 - random_string


=>  preliminary 24 CVE ids needed.

Once we get twenty four assigned I'll match them against this list in the same order.

Matt

