Bugtraq mailing list archives
Re: Zope DTML Role Issue
From: Andreas Hasenack <andreas () CONECTIVA COM BR>
Date: Fri, 22 Dec 2000 09:42:21 -0200
Em Fri, Dec 22, 2000 at 12:26:37AM -0800, Hal Flynn escreveu:
For those of you that haven't seen it, this is the advisory that came across the zope list regarding the DTML role issue. *** Begin Advisory *** Brian Lloyd brian () digicool com Fri, 8 Dec 2000 15:48:52 -0500 Hi all, Aleksander Salwa has brought a security issue to our attention that affects all Zope versions up to and including Zope 2.2.4.
(snip)
o http://www.zope.org/Products/Zope/Hotfix_2000-12-08/Hotfix_2000-12-08.tgz We *highly* recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue.
The README (and the advisory, which you can still find at http://www.zope.org/ZopeNews?query_start=11 around the middle of the page) has been updated to say that only Zope-2.2.0 and up are affected, which was not exactly clear from the original advisory. http://www.zope.org/Products/Zope/Hotfix_2000-12-08/README.txt
Current thread:
- Zope DTML Role Issue Hal Flynn (Dec 22)
- Re: Zope DTML Role Issue Andreas Hasenack (Dec 22)