Message-ID: <509A8CBD.7000400@plone.org>
Date: Wed, 07 Nov 2012 16:30:53 +0000
From: Matthew Wilkes <matthew.wilkes@...ne.org>
To: Jan Lieskovsky <jlieskov@...hat.com>
CC: oss-security@...ts.openwall.com, 
 "Steven M. Christey" <coley@...us.mitre.org>,
 Jan Pokorny <jpokorny@...hat.com>, 
 Plone Security Team <security@...ne.org>,
 Mitre CVE assign department <cve-assign@...re.org>
Subject: Re: CVE Request - Zope / Plone: Multiple vectors corrected within
 20121106 fix

Hi *,

Jan has asked me for a breakdown of what patches in our bulk hotfix 
relate to what issues, so here you go:

https://plone.org/products/plone/security/advisories/20121106/01 - 
registerConfiglet.py
https://plone.org/products/plone/security/advisories/20121106/02 - 
setHeader.py
https://plone.org/products/plone/security/advisories/20121106/03 - 
allowmodule.py
https://plone.org/products/plone/security/advisories/20121106/04 - 
python_scripts.py createObject
https://plone.org/products/plone/security/advisories/20121106/05 - 
get_request_var_or_attr.py
https://plone.org/products/plone/security/advisories/20121106/06 - 
kssdevel.py
https://plone.org/products/plone/security/advisories/20121106/07 - 
widget_traversal.py
https://plone.org/products/plone/security/advisories/20121106/08 - 
uid_catalog.py
https://plone.org/products/plone/security/advisories/20121106/09 - gtbn.py
https://plone.org/products/plone/security/advisories/20121106/10 - 
python_scripts.py {u,}translate
https://plone.org/products/plone/security/advisories/20121106/11 - 
python_scripts.py go_back
https://plone.org/products/plone/security/advisories/20121106/12 - 
kupu_spellcheck.py
https://plone.org/products/plone/security/advisories/20121106/13 - 
membership_tool.py
https://plone.org/products/plone/security/advisories/20121106/14 - 
queryCatalog.py
https://plone.org/products/plone/security/advisories/20121106/15 - 
python_scripts.py formatColumns
https://plone.org/products/plone/security/advisories/20121106/16 - 
renameObjectsByPaths.py
https://plone.org/products/plone/security/advisories/20121106/17 - 
at_download.py
https://plone.org/products/plone/security/advisories/20121106/18 - 
safe_html.py
https://plone.org/products/plone/security/advisories/20121106/19 - ftp.py
https://plone.org/products/plone/security/advisories/20121106/20 - 
widget_traversal.py
https://plone.org/products/plone/security/advisories/20121106/21 - atat.py
https://plone.org/products/plone/security/advisories/20121106/22 - 
python_scripts.py
https://plone.org/products/plone/security/advisories/20121106/23 - 
django_crypto.py
https://plone.org/products/plone/security/advisories/20121106/24 - 
random_string


> =>  preliminary 24 CVE ids needed.

Once we get twenty four assigned I'll match them against this list in 
the same order.

Matt
