[Zope-Annce] UPDATE: cgi.py vulnerability hotfix for Zope...
Thu, 26 Jul 2001 10:02:42 -0400

The reported problem with this hotfix and Zope 2.4 has been resolved,
and the file has been updated on www.zope.org at the URL mentioned in
the original announcement:

Brian Lloyd wrote:
> This hotfix addresses a potential denial-of-service vulnerability
> in applications that use the Python cgi module (cgi.py) for parsing
> of "multipart" Web form data (Zope uses this functionality internally).
> More detailed information is available in the Python bug tracker at
>
> While we are not aware of any instances of abuse of this
> vulnerability, we *highly* recommend that any Zope site running versions
> of Zope up to and including 2.4.0 have this hotfix product installed
> to mitigate this issue. (Zope 2.4.1 will not require the
> installation of a separate hotfix).