Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text". http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt Based on the version numbers, all FC-3+ appear to be vulnerable.
Hotfix added and published from FC-3 to rawhide, thanks
Looks like some additional closely related issues were found after the 2006-07-05 hotfix, FE-3 and FE-4 seem affected: http://www.vuxml.org/freebsd/65a8f773-4a37-11db-a4cc-000a48049292.html http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
I have no FC3 or FC4 box available, so I can't test it. On top of that, FC4 is not supported anymore, so I guess it's more of a job for Legacy.
Why would this be a job for Legacy? They've never handled Extras packages, nor do they intend to.
I thought this had been discussed at some point. OK, I'm willing to add the hotfix, but someone needs to test the package on those distros.
Hotfix has been applied for some time. Closing bug.
FWIW, it doesn't seem to me that zope in FE-3 and FE-4 would have been fixed. See comment 2.
Hotfix 20060821 applied.