CVE-2009-0668

Name	CVE-2009-0668
Description	Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1863-1, DSA-2234-1
Debian Bugs	540462, 540463, 540464, 540465

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
zodb (PTS)	buster	1:3.10.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
zodb	source	lenny	1:3.6.0-2+lenny3		DSA-2234-1
zodb	source	(unstable)	1:3.8.2-1	medium		540465
zope2.10	source	lenny	2.10.6-1+lenny1		DSA-1863-1
zope2.10	source	(unstable)	2.10.9-1	medium		540464
zope2.11	source	(unstable)	2.11.4-1	medium		540463
zope2.9	source	etch	2.9.6-4etch2		DSA-1863-1
zope2.9	source	(unstable)	(unfixed)
zope3	source	(unstable)	(unfixed)	medium		540462