Red Hat Bugzilla – Bug 198106
CVE-2006-3458: Zope local information disclosure
Last modified: 2007-11-30 17:11:37 EST
Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to
2.9.3 (Zope2) allows local users to obtain sensitive information via unknown
attack vectors related to the docutils module and "restructured text".
Based on the version numbers, all FC-3+ appear to be vulnerable.
Hotfix added and published from FC-3 to rawhide, thanks
Looks like some additional closely related issues were found after the
2006-07-05 hotfix, FE-3 and FE-4 seem affected:
I have no FC3 or FC4 box available, so I can't test it.
On top of that, FC4 is not supported anymore, so I guess it's more of a job for
Why would this be a job for Legacy? They've never handled Extras packages, nor
do they intend to.
I thought this has been discussed at some point.
OK, I'm willing to add the hotfix, but someone needs to test the package on
Hot has been applied for some time. Closing bug.
FWIW, it doesn't seem to me that zope in FE-3 and FE-4 would have been fixed.
See comment 2.
Hotfix 20060821 applied.