CVE-2012-5508

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

------------------

- Replace deprecated test assert statements.
[timo]

- Use system random when available. This is part of the fix for
https://plone.org/products/plone/security/advisories/20121106/24
[davisagli]

- Fixed extractCredentials to strip whitespaces around __ac_identity_url.
This fixes http://dev.plone.org/plone/ticket/11044
[datakurre]

Resources

• https://pypi.org/project/plone.openid
• https://pyup.io/changelogs/plone.openid/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5508
• https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
• https://plone.org/products/plone/security/advisories/20121106/24
• https://plone.org/products/plone-hotfix/releases/20121124
• http://www.openwall.com/lists/oss-security/2012/11/10/1
• https://bugs.launchpad.net/zope2/+bug/1071067