Branches for Hardy

Author: Matthias Klose
Revision Date: 2008-04-09 12:32:52 UTC

Set the egg version for zope.interface to 3.3.1. LP: #185418.

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:47:03 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.3.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.3.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.3.1/ZEO/StorageServer.py.
  - No CVE

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:47:03 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.3.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.3.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.3.1/ZEO/StorageServer.py.
  - No CVE