{ "info": { "author": "Plone security team", "author_email": "security@plone.org", "bugtrack_url": null, "classifiers": [ "Framework :: Plone", "Framework :: Zope2", "Programming Language :: Python" ], "description": "Plone Hotfix for CVE 2011-0720\n******************************\n\nThis is a critical security hotfix which should be applied to the following\nversions of Plone:\n\n* Plone 4 <= 4.0.3\n* Plone 3 <= 3.3.5\n* Any version of Plone 2.5, 2.1, or 2.0\n\nThis hotfix is not required for Plone >= 4.0.4.\n\nAdditional information about the hotfix including frequently asked questions\nis available at http://plone.org/products/plone/security/advisories/cve-2011-0720\n\nThis hotfix applies the following modifications to improve Plone security:\n\n* Applies security declarations to some methods that were missing them, in order\n to address the vulnerability identified in `CVE 2011-0720`_. The vulnerability\n discussed there affects Plone 2.5 and greater.\n* Applies security declarations and removal of docstrings to some additional\n methods that were identified by the Plone security team in an audit following\n the identification of CVE 2011-0720. This includes some methods present in Plone\n 2.0 and 2.1.\n* If necessary, applies a patch to the ZPublisher to fix an issue with the checking\n of whether traversed methods are publishable. This issue affects Plone 3.0 and\n higher, and is also available in the following new Zope2 releases:\n 2.10.13, 2.11.8, 2.12.15, 2.13.4\n\n.. _`CVE 2011-0720`: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0720\n\n\nInstallation\n============\n\nInstallation instructions can be found at\nhttp://plone.org/products/plone-hotfix/releases/CVE-2011-0720\n\nChangelog\n=========\n\n1.2 (2011-02-26)\n----------------\n\nNote: This release does not provide additional security compared to the 1.0 and\n1.1 releases. It merely fixes an issue that prevented respecting placefully\nassigned roles in some cases. 
Therefore it is an optional upgrade unless you've\nexperienced this issue.\n\n- Protect methods with PermissionRoles rather than hardcoded lists of roles, so\n that Zope will respect placeful assignments of roles to permissions.\n [davisagli]\n\n- Clarify the info that is printed on startup so that people don't worry about\n the fact that their Zope version wasn't identified.\n [davisagli]\n\n1.1 (2011-02-08)\n----------------\n\nNote: This release does not provide additional security compared to the 1.0\nrelease. It merely fixes 2 installation issues. If 1.0 installed fine for you,\nyou do not need to update; if it failed to install, upgrade to 1.1 so that the\nhotfix is actually applied.\n\n- Try 2 ways to delete the docstring, as we had one report of the way we were\n using not working (thanks Andrew Mleczko for the report).\n [davisagli]\n\n- Fix issue with application to some recent revisions of Zope 2.10. Thanks to\n Ethan Jucovy for calling this to our attention.\n [davisagli]\n\n1.0 (2011-02-08)\n----------------\n\n- Initial release\n [Plone security team]", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://plone.org/products/plone/security/advisories/cve-2011-0720", "keywords": "security hotfix patch", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "Products.PloneHotfix20110720", "package_url": "https://pypi.org/project/Products.PloneHotfix20110720/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/Products.PloneHotfix20110720/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://plone.org/products/plone/security/advisories/cve-2011-0720" }, "release_url": "https://pypi.org/project/Products.PloneHotfix20110720/1.2/", "requires_dist": null, "requires_python": null, "summary": "Plone security hotfix addressing CVE 2011-0720", "version": "1.2" }, "last_serial": 785079, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "b2b03cf5f9d9819f8e13f7eb35684aa9", 
"sha256": "5ffe39727a3117d2f4ae60b30771b2599c4ca92a624ffc7e1266b12f1b099e89" }, "downloads": -1, "filename": "Products.PloneHotfix20110720-1.0.zip", "has_sig": true, "md5_digest": "b2b03cf5f9d9819f8e13f7eb35684aa9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9157, "upload_time": "2011-02-08T17:20:39", "url": "https://files.pythonhosted.org/packages/84/f4/da8915a0130f093e5b05e44e0d369348d23c25e2e9df91f8d635e72e89ab/Products.PloneHotfix20110720-1.0.zip" } ], "1.1": [ { "comment_text": "", "digests": { "md5": "c9597200ed21db228d01ffe52a9b80b5", "sha256": "5bbd68db49167fdd18288a885ac7ac918639ab03f99bf18779cabbe196de7a10" }, "downloads": -1, "filename": "Products.PloneHotfix20110720-1.1.zip", "has_sig": true, "md5_digest": "c9597200ed21db228d01ffe52a9b80b5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9644, "upload_time": "2011-02-08T18:25:23", "url": "https://files.pythonhosted.org/packages/09/b7/5c127a1b7245e2ebaccbc6e4b4683c2d80dc5d1633068c1fa2aa4cf4f62d/Products.PloneHotfix20110720-1.1.zip" } ], "1.2": [ { "comment_text": "", "digests": { "md5": "8e2bc370f39c5aafa7ea7ddc81ccfc8f", "sha256": "aa40b0bea88d3c4d201604c8b65ca12791bf6fd3fa9542694f1f2139cb247010" }, "downloads": -1, "filename": "Products.PloneHotfix20110720-1.2.zip", "has_sig": true, "md5_digest": "8e2bc370f39c5aafa7ea7ddc81ccfc8f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10643, "upload_time": "2011-02-26T19:29:28", "url": "https://files.pythonhosted.org/packages/cf/17/ed80608dfb3f22200d706250d55d0b044cb60c97a99426d42f4a2180260b/Products.PloneHotfix20110720-1.2.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "8e2bc370f39c5aafa7ea7ddc81ccfc8f", "sha256": "aa40b0bea88d3c4d201604c8b65ca12791bf6fd3fa9542694f1f2139cb247010" }, "downloads": -1, "filename": "Products.PloneHotfix20110720-1.2.zip", "has_sig": true, "md5_digest": "8e2bc370f39c5aafa7ea7ddc81ccfc8f", 
"packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10643, "upload_time": "2011-02-26T19:29:28", "url": "https://files.pythonhosted.org/packages/cf/17/ed80608dfb3f22200d706250d55d0b044cb60c97a99426d42f4a2180260b/Products.PloneHotfix20110720-1.2.zip" } ] }