diff options
| author | Gabor Kovesdan <gabor@FreeBSD.org> | 2006-12-27 16:37:14 +0000 |
|---|---|---|
| committer | Gabor Kovesdan <gabor@FreeBSD.org> | 2006-12-27 16:37:14 +0000 |
| commit | 715b3a38928554c53bfa4fa240d76780ea7a09ef (patch) | |
| tree | 1b4f3adb21eadd393737e7680677d93cfc5f9fcb | |
| parent | - Update the www/zope entry to indicate it is fixed now (diff) | |
- Document www/plone vulnerability
Reviewed by: simon
Approved by: erwin (mentor)
Notes
Notes:
svn path=/head/; revision=180871
| -rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 17d2b57b8d62..aaa73d842cf3 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,35 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f4ff7434-9505-11db-9ddc-0011098b2f36"> + <topic>plone -- user can masquerade as a group</topic> + <affects> + <package> + <name>plone</name> + <range><gt>2.5</gt><lt>2.5.1_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Plone.org reports:</p> + <blockquote cite="http://plone.org/products/plone-hotfix/releases/20061031"> + <p>PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1) has a + potential vulnerability that allows a user to masquerade as a group. + Please update your sites.</p> + </blockquote> + </body> + </description> + <references> + <bid>21460</bid> + <cvename>CVE-2006-4249</cvename> + <url>http://plone.org/products/plone-hotfix/releases/20061031</url> + </references> + <dates> + <discovery>2006-11-02</discovery> + <entry>2006-12-27</entry> + </dates> + </vuln> + <vuln vid="3f851b22-89fb-11db-a937-003048116330"> <topic>proftpd -- remote code execution vulnerabilities</topic> <affects> |