Branches for Intrepid

Author: Matthias Klose
Revision Date: 2008-06-23 15:10:46 UTC

Merge with Debian (no changes, different source tarball).

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:44:19 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.3.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.3.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.3.1/ZEO/StorageServer.py.
  - No CVE

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:44:19 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.3.1/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.3.1/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.3.1/ZEO/StorageServer.py.
  - No CVE