CVE-2006-3458

Publication date 7 July 2006

Last updated 24 July 2024


Ubuntu priority

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Status

Package Ubuntu Release Status
zope2.10 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
zope2.9 7.04 feisty
Fixed 2.9.5-1
6.10 edgy
Fixed 2.9.5-1
6.06 LTS dapper Ignored end of life, was needed

References

Related Ubuntu Security Notices (USN)

    • USN-317-1
    • zope2.8 vulnerability
    • 13 July 2006

Other references