|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Zope DTML Role Issue
From: Andreas Hasenack (andreas
CONECTIVA.COM.BR)Date: Fri Dec 22 2000 - 05:42:21 CST
- Next message: Juergen P. Meier: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Previous message: Juan Manuel Pascual Escriba: "vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7"
- In reply to: Hal Flynn: "Zope DTML Role Issue"
- Reply: Andreas Hasenack: "Re: Zope DTML Role Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Em Fri, Dec 22, 2000 at 12:26:37AM -0800, Hal Flynn escreveu:
> For those of you that haven't seen it, this is the advisory that came
> across the zope list regarding the DTML role issue.
>
> *** Begin Advisory ***
>
> Brian Lloyd briandigicool.com
> Fri, 8 Dec 2000 15:48:52 -0500
>
>
> Hi all,
>
> Aleksander Salwa has brought a security issue to our attention
> that affects all Zope versions up to and including Zope 2.2.4.
(snip)
> o http://www.zope.org/Products/Zope/Hotfix_2000-12-08/Hotfix_2000-12-08.tgz
>
> We *highly* recommend that any Zope site running versions of
> Zope up to and including 2.2.4 have this hotfix product installed
> to mitigate the issue.
The README (and the advisory, which you can still find at
http://www.zope.org/ZopeNews?query_start=11 around the middle of
the page) has been updated to say that only Zope-2.2.0 and up
are affected, which was not exactly clear from the original advisory.
http://www.zope.org/Products/Zope/Hotfix_2000-12-08/README.txt
- Next message: Juergen P. Meier: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Previous message: Juan Manuel Pascual Escriba: "vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7"
- In reply to: Hal Flynn: "Zope DTML Role Issue"
- Reply: Andreas Hasenack: "Re: Zope DTML Role Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]