Bugtraq mailing list archives

Re: Zope DTML Role Issue


From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Fri, 22 Dec 2000 09:42:21 -0200

On Fri, Dec 22, 2000 at 12:26:37AM -0800, Hal Flynn wrote:
For those of you that haven't seen it, this is the advisory that came
across the zope list regarding the DTML role issue.

*** Begin Advisory ***

Brian Lloyd brian () digicool com
Fri, 8 Dec 2000 15:48:52 -0500


Hi all,

Aleksander Salwa has brought a security issue to our attention
that affects all Zope versions up to and including Zope 2.2.4.

(snip)

o http://www.zope.org/Products/Zope/Hotfix_2000-12-08/Hotfix_2000-12-08.tgz

We *highly* recommend that any Zope site running versions of
Zope up to and including 2.2.4 have this hotfix product installed
to mitigate the issue.

The README (and the advisory, which you can still find at
http://www.zope.org/ZopeNews?query_start=11 around the middle of
the page) has been updated to say that only Zope-2.2.0 and up
are affected, which was not exactly clear from the original advisory.

http://www.zope.org/Products/Zope/Hotfix_2000-12-08/README.txt

