Moritz Muehlenhoff a écrit : > Package: zope-cmfplone > Severity: grave > Tags: security > Justification: user security hole > > I don't know very much about Plone and I didn't investigate too deeply > as Sarge is not affected, but I suppose this needs to be fixed for Etch: > > http://plone.org/about/security/advisories/cve-2006-4249/ > > | PlonePAS-using Plone releases (Plone 2.5 and Plone 2.5.1) > | has a potential vulnerability that allows a user to > | masquerade as a group. Please update your sites. > > Applying the hotfix is probably preferable to upgrading to 2.5.2.
+1 There's no Plone 2.5.2 release before january, apply the patch is the solution for etch. Regards, -- Encolpe DEGOUTE http://encolpe.degoute.free.fr/ Logiciels libres, hockey sur glace et autres activités cérébrales