Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106
Summary: CVE-2006-3458: Zope local information disclosure
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: zope
AssignedTo: gauret@free.fr
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: extras-qa@fedoraproject.org,fedora-security-list@redhat.com
Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text".
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.t...
Based on the version numbers, all FC-3+ appear to be vulnerable.
gauret@free.fr changed:
What       |Removed     |Added
----------------------------------------------------------------------------
Status     |NEW         |CLOSED
Resolution |            |NEXTRELEASE

------- Additional Comments From gauret@free.fr 2006-07-12 07:08 EST -------
Hotfix added and published from FC-3 to rawhide, thanks
ville.skytta@iki.fi changed:
What       |Removed     |Added
----------------------------------------------------------------------------
Status     |CLOSED      |NEW
Keywords   |            |Reopened
Resolution |NEXTRELEASE |

------- Additional Comments From ville.skytta@iki.fi 2006-09-26 14:22 EST -------
Looks like some additional closely related issues were found after the 2006-07-05 hotfix, FE-3 and FE-4 seem affected:
http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.t...
------- Additional Comments From gauret@free.fr 2006-09-28 13:12 EST -------
I have no FC3 or FC4 box available, so I can't test it. On top of that, FC4 is not supported anymore, so I guess it's more of a job for Legacy.
------- Additional Comments From tibbs@math.uh.edu 2006-09-28 15:52 EST -------
Why would this be a job for Legacy? They've never handled Extras packages, nor do they intend to.
------- Additional Comments From gauret@free.fr 2006-09-28 16:28 EST -------
I thought this has been discussed at some point. OK, I'm willing to add the hotfix, but someone needs to test the package on those distros
stickster@gmail.com changed:
What       |Removed                         |Added
----------------------------------------------------------------------------
AssignedTo |gauret@free.fr                  |extras-orphan@fedoraproject.org
stickster@gmail.com changed:
What       |Removed                         |Added
----------------------------------------------------------------------------
AssignedTo |extras-orphan@fedoraproject.org |jonathansteffan@gmail.com
jonathansteffan@gmail.com changed:
What       |Removed     |Added
----------------------------------------------------------------------------
Status     |NEW         |CLOSED
Resolution |            |NEXTRELEASE

------- Additional Comments From jonathansteffan@gmail.com 2006-11-22 19:53 EST -------
Hotfix has been applied for some time. Closing bug.
------- Additional Comments From ville.skytta@iki.fi 2006-11-23 11:30 EST -------
FWIW, it doesn't seem to me that zope in FE-3 and FE-4 would have been fixed. See comment 2.
------- Additional Comments From jonathansteffan@gmail.com 2006-11-23 16:00 EST -------
Hotfix 20060821 applied.
security@lists.fedoraproject.org