[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: zope-ldapuser
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-08-19 19:53:29
Message-ID: 394439939.1007701282247609910.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]


----- "Sébastien Delafond" <seb@debian.org> wrote:

> Hi,
> 
> there is an authentication probleme in zope-ldapuser, where any
> password
> is accepted when attempting to log in as the emergency user (as
> defined
> in zpasswd.py). See Debian bug 593466[0] for the corresponding patch.
> 
> 
> [0] http://bugs.debian.org/593466

The debian bug has lots more info.

Please use CVE-2010-2944

Thanks.

-- 
    JB

[prev in list] [next in list] [prev in thread] [next in thread]