Branches for Dapper

Author: Matthias Klose
Revision Date: 2006-04-07 21:34:01 UTC

Synchronize with Debian unstable.

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:55:17 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.2.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py.
  - No CVE

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:55:17 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.2.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.2.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.2.1/ZEO/StorageServer.py.
  - No CVE