Branches for Jaunty

Author: Michael Vogt
Revision Date: 2009-03-25 17:59:15 UTC

fix undeclared file conflicts that cause python-central to
error in postinst (LP: #347939)

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:39:22 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.4.0/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.4.0/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.4.0/ZEO/StorageServer.py.
  - No CVE
* debian/patches/deb-zopeconf.dpatch: fix typo so ZOPE_USER is properly
  defined. (LP: #356137)

Author: Marc Deslauriers
Revision Date: 2009-10-13 13:39:22 UTC

* SECURITY UPDATE: arbitrary code execution via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: introduce
    ServerMarshaller() and server_find_global() in
    Dependencies/ZEO-Zope-3.4.0/ZEO/zrpc/{marshal.py,connection.py}.
  - CVE-2009-0668
* SECURITY UPDATE: authentication bypass via ZEO network protocol
  - debian/patches/security-CVE-2009-066x.dpatch: make finish_auth()
    private in Dependencies/ZEO-Zope-3.4.0/ZEO/{auth/auth_digest.py,
    StorageServer.py, tests/auth_plaintext.py}.
  - CVE-2009-0669
* SECURITY UPDATE: denial of service via too many new object identifiers
  - debian/patches/security-CVE-2009-066x.dpatch: limit new oids to 100
    in Dependencies/ZEO-Zope-3.4.0/ZEO/StorageServer.py.
  - No CVE
* debian/patches/deb-zopeconf.dpatch: fix typo so ZOPE_USER is properly
  defined. (LP: #356137)