[Zope-Annce] ANN: Debian Zope security release (2.1.6-5)

Gregor Hoffleit gregor@hoffleit.de
Sat, 17 Jun 2000 00:00:06 +0200


--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I have prepared a security release of the Zope 2.1.6 Debian package
in order to fix the DTML vulnerability in Zope reported yesterday
(cf. http://yyy.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert),

The new package is currently in Debian's incoming queue. The temporary URL
is
    http://incoming.debian.org/zope_2.1.6-5_i386.deb

Hopefully it will be moved into potato and woody by the release manager RSN.


Please read the security alert mentioned above and consider upgrading your
site to 2.1.6-5.

The package fixes the possible exploit by including the Hotfix_06_16_2000
product. If you install 2.1.6-5, you don't need to install the Hotfix nor
apply DT_String.py.diff nor do you need to upgrade to 2.1.7.


    Gregor Hoffleit <flight@debian.org>

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5SqNl3eVfDf25G40RAlyDAKC1S4yEwT2LtcDCvskm2txQJoQKbwCeK/2U
srYzuRB83xT+1V3KJUncjKo=
=YiW5
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--