CVE-2007-5741

Name: CVE-2007-5741
Description: Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1405-1, DSA-1405-2
Debian Bugs: 449523

The information below is based on the following data on fixed versions.

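| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zope-cmfplone | source | sarge | (not affected) | | | |
| zope-cmfplone | source | etch | 2.5.1-4etch2 | | DSA-1405-2 | |
| zope-cmfplone | source | (unstable) | 2.5.2-2 | | | 449523 |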

Notes

[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
Fix available:
http://plone.org/about/security/advisories/cve-2007-5741
