Date: Sat, 17 Jun 2000 00:00:06 +0200 To: zope-announce@zope.org, debian-devel@lists.debian.org Subject: ANN: Debian Zope security release (2.1.6-5) From: Gregor Hoffleit <gregor@hoffleit.de> --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I have prepared a security release of the Zope 2.1.6 Debian package in order to fix the DTML vulnerability in Zope reported yesterday (cf. http://yyy.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert), The new package is currently in Debian's incoming queue. The temporary URL is http://incoming.debian.org/zope_2.1.6-5_i386.deb Hopefully it will be moved into potato and woody by the release manager RSN. Please read the security alert mentioned above and consider upgrading your site to 2.1.6-5. The package fixes the possible exploit by including the Hotfix_06_16_2000 product. If you install 2.1.6-5, you don't need to install the Hotfix nor apply DT_String.py.diff nor do you need to upgrade to 2.1.7. Gregor Hoffleit <flight@debian.org> --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5SqNl3eVfDf25G40RAlyDAKC1S4yEwT2LtcDCvskm2txQJoQKbwCeK/2U srYzuRB83xT+1V3KJUncjKo= =YiW5 -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- -- To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org