Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209163 Summary: CVE-2006-4247: plone password reset vulnerability Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: urgent Component: plone AssignedTo: gauret@xxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: extras-qa@xxxxxxxxxxxxxxxxx,fedora-security- list@xxxxxxxxxx http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4247 Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." According to info in upstream advisory, 2.5* (FC-5 and devel) are affected, 2.1.* (FC-3 and FC-4) not. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
