Accepted zope2.12 2.12.26-1 (source amd64 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 06 Mar 2013 18:46:14 +0900
Source: zope2.12
Binary: zope2.12 zope2.12-sandbox
Architecture: source amd64 all
Version: 2.12.26-1
Distribution: unstable
Urgency: high
Maintainer: Debian/Ubuntu Zope Team <pkg-zope-developers@lists.alioth.debian.org>
Changed-By: Arnaud Fontaine <arnau@debian.org>
Description:
zope2.12 - Open Source Web Application Server
zope2.12-sandbox - sandbox instance for the zope2.12 web application server
Closes: 656552 692899
Changes:
zope2.12 (2.12.26-1) unstable; urgency=high
.
* New upstream release. Closes: #692899.
+ Fix Reflexive HTTP header injection (CVE-2012-5486).
+ Fix Timing attack in password validation (CVE-2012-5507).
+ Fix PRNG which wasn't reseeded (CVE-2012-5508).
* debian/patches/CVE-2012-5505.patch:
+ Fix Attempting to access a view with no name returns an internal
data structure (CVE-2012-5505). Thanks to Tres Seaver. Closes: #692899.
* debian/control:
+ Bump zope.common required version as the debconf template
has been updated. Closes: #656552.
* debian/rules:
+ As dh_python (>= 2.7.3-1) rewrites shebangs by default, overriding
dh_auto_install to fix shebangs does not work anymore as dh_python2 is
called afterwards, instead use dh_python2 to rewrite them.
- debian/control: bump python Build-Depends.
- Drop now useless ZODB3-fix_shebang.patch.
Checksums-Sha1:
72498242056be8859d051251d85005251aafbf59 1528 zope2.12_2.12.26-1.dsc
2868c0bcb81acd9d8c1a49a154ffcfae49ccdd7c 6022051 zope2.12_2.12.26.orig.tar.gz
ef3d25b19cd77dad1ef84f59f0381fc7223e57eb 32532 zope2.12_2.12.26-1.debian.tar.gz
cbfee63c32966528aadfdd096fed70712a264598 5416146 zope2.12_2.12.26-1_amd64.deb
a466f71c5d2d1911044bfbc68b850aedf393e9fb 26414 zope2.12-sandbox_2.12.26-1_all.deb
Checksums-Sha256:
97b87a1ffbb0f45ef7bd66bf0b6e6f9cc5d104e40649c5537497cbbab6679ca5 1528 zope2.12_2.12.26-1.dsc
74105e35664c2a71fb16ac932fb71dd46e098b41b369908a884f885a25d2b35a 6022051 zope2.12_2.12.26.orig.tar.gz
59d713b0356bcf5ed2f4da67f70dfdbf72975db115780140e88c0eda746bbc16 32532 zope2.12_2.12.26-1.debian.tar.gz
2911bccccddf1001d4164ec6ca4857ce0dfccdb8bfef15e42b1c1bfdc2b1808d 5416146 zope2.12_2.12.26-1_amd64.deb
a081b39090ef313723ae77b6d3eed38851a0f47e6147f0359aaa163bcd7f2527 26414 zope2.12-sandbox_2.12.26-1_all.deb
Files:
0fa05fb02eb199588b9583427b9694dc 1528 zope optional zope2.12_2.12.26-1.dsc
01de0d09d88edbfe601330f328622ce3 6022051 zope optional zope2.12_2.12.26.orig.tar.gz
cecfa4fd124db3de12c2fda1ab36138d 32532 zope optional zope2.12_2.12.26-1.debian.tar.gz
14fbecdbaa94ffceb451a33a86c2108c 5416146 zope optional zope2.12_2.12.26-1_amd64.deb
80e45a44f29995b0cdab8cc3ea7614d2 26414 zope optional zope2.12-sandbox_2.12.26-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlE3EqQACgkQvfKiIF42GdOxUwCfQq0lWmTtSGXb+xLN5JbLn1TR
7LMAn3yDU9zN9n1CJ/tswT0XyhNxVMfz
=SRO9
-----END PGP SIGNATURE-----