[Checkins] SVN: Products.Hotfix_20060705/ Hotfix for docutils vulnerability.
Tres Seaver
tseaver at palladion.com
Wed Jul 5 16:39:48 EDT 2006
Log message for revision 68986:
Hotfix for docutils vulnerability.
Changed:
A Products.Hotfix_20060705/
A Products.Hotfix_20060705/README.txt
A Products.Hotfix_20060705/__init__.py
A Products.Hotfix_20060705/version.txt
-=-
Added: Products.Hotfix_20060705/README.txt
===================================================================
--- Products.Hotfix_20060705/README.txt 2006-07-05 20:26:25 UTC (rev 68985)
+++ Products.Hotfix_20060705/README.txt 2006-07-05 20:39:48 UTC (rev 68986)
@@ -0,0 +1,18 @@
+Hotfix-20060705 README
+======================
+
+This hotfix corrects an information disclosure vulnerability in Zope2, due to Zope2's
+use of the docutils module to parse and rend "restructured text".
+
+Sites which allow untrusted users to create restructured text as through-the-web
+content should upgrade to a version of Zope2 more recent than this hotfix.
+
+Affected Versions
+-----------------
+
+ - Zope 2.7.0 - 2.7.8
+
+ - Zope 2.8.0 - 2.8.7
+
+ - Zope 2.9.0 - 2.9.2
+
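Review bot: The README never states what the hotfix changes at runtime. The accompanying __init__.py removes the reStructuredText 'raw' and 'include' directives, so content that relies on either one will no longer render as before, and that behaviour change belongs in this file alongside "Affected Versions". The second paragraph tells sites to upgrade to a newer Zope2 but gives no installation step for the hotfix product itself. Minor: "parse and rend" in the first paragraph should read "parse and render".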
Property changes on: Products.Hotfix_20060705/README.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: Products.Hotfix_20060705/__init__.py
===================================================================
--- Products.Hotfix_20060705/__init__.py 2006-07-05 20:26:25 UTC (rev 68985)
+++ Products.Hotfix_20060705/__init__.py 2006-07-05 20:39:48 UTC (rev 68986)
@@ -0,0 +1,10 @@
+""" Hotfix_20060705
+
+Disable reStructuredText's 'raw' and 'include' directives, because they allow
+for information disclosuer and other nastiness.
+
+$Id$
+"""
+from docutils.parsers.rst.directives import misc
+del misc.raw
+del misc.include;
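Review bot: Both `del misc.raw` and `del misc.include` are unguarded, so if either attribute is absent from the installed docutils, or this module body is executed a second time, the import raises AttributeError and the hotfix fails to load. Guard each one, for example `if hasattr(misc, 'raw'): del misc.raw`. It is also worth confirming that nothing has bound these directive functions under another name before this module is imported, because deleting the module attributes does not affect references taken earlier. Minor: drop the trailing semicolon on `del misc.include;` and fix "disclosuer" in the docstring.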
Property changes on: Products.Hotfix_20060705/__init__.py
___________________________________________________________________
Name: svn:keywords
+ Id
Name: svn:eol-style
+ native
Added: Products.Hotfix_20060705/version.txt
===================================================================
--- Products.Hotfix_20060705/version.txt 2006-07-05 20:26:25 UTC (rev 68985)
+++ Products.Hotfix_20060705/version.txt 2006-07-05 20:39:48 UTC (rev 68986)
@@ -0,0 +1 @@
+Hotfix_20060705
Property changes on: Products.Hotfix_20060705/version.txt
___________________________________________________________________
Name: svn:eol-style
+ native