Bug 198106 - CVE-2006-3458: Zope local information disclosure
Alias: None
Product: Fedora
Classification: Fedora
Component: zope
Version: 5
Hardware: All
OS: Linux
Assignee: Jonathan Steffan
QA Contact: Fedora Extras Quality Assurance
URL: http://www.zope.org/Products/Zope/Hot...
Keywords: Reopened, Security
Reported: 2006-07-09 18:50 UTC by Ville Skyttä
Modified: 2007-11-30 22:11 UTC

Doc Type: Bug Fix
Last Closed: 2006-11-23 00:53:32 UTC


Description Ville Skyttä 2006-07-09 18:50:45 UTC
Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to
2.9.3 (Zope2) allows local users to obtain sensitive information via unknown
attack vectors related to the docutils module and "restructured text".


Based on the version numbers, all FC-3+ appear to be vulnerable.

Comment 1 Aurelien Bompard 2006-07-12 11:08:29 UTC
Hotfix added and published from FC-3 to rawhide, thanks

Comment 2 Ville Skyttä 2006-09-26 18:22:14 UTC
Looks like some additional closely related issues were found after the
2006-07-05 hotfix, FE-3 and FE-4 seem affected:


Comment 3 Aurelien Bompard 2006-09-28 17:12:54 UTC
I have no FC3 or FC4 box available, so I can't test it.
On top of that, FC4 is not supported anymore, so I guess it's more of a job for

Comment 4 Jason Tibbitts 2006-09-28 19:52:48 UTC
Why would this be a job for Legacy?  They've never handled Extras packages, nor
do they intend to.

Comment 5 Aurelien Bompard 2006-09-28 20:28:38 UTC
I thought this has been discussed at some point.
OK, I'm willing to add the hotfix, but someone needs to test the package on
those distros

Comment 6 Jonathan Steffan 2006-11-23 00:53:32 UTC
Hotfix has been applied for some time. Closing bug.

Comment 7 Ville Skyttä 2006-11-23 16:30:50 UTC
FWIW, it doesn't seem to me that zope in FE-3 and FE-4 would have been fixed. 
See comment 2.

Comment 8 Jonathan Steffan 2006-11-23 21:00:28 UTC
Hotfix 20060821 applied.
