[Zope-Checkins] CVS: Zope/doc - CHANGES.txt:1.535.2.154
Tres Seaver
tseaver at zope.com
Thu Jan 8 15:26:29 EST 2004
Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv32142/doc
Modified Files:
Tag: Zope-2_6-branch
CHANGES.txt
Log Message:
- Inadequate type checking could allow unicode values passed to
RESPONSE.write() to be passed into deeper layers of asyncore,
where an exception would eventually be generated at a level that
would cause the Zserver main loop to terminate.
=== Zope/doc/CHANGES.txt 1.535.2.153 => 1.535.2.154 ===
--- Zope/doc/CHANGES.txt:1.535.2.153 Thu Jan 8 15:19:33 2004
+++ Zope/doc/CHANGES.txt Thu Jan 8 15:26:27 2004
@@ -8,8 +8,15 @@
Bugs Fixed
- - Automatic bindings for scripts (e.g, 'context', 'container') were not
- being validated before use.
+ - Inadequate type checking could allow unicode values passed to
+ RESPONSE.write() to be passed into deeper layers of asyncore,
+ where an exception would eventually be generated at a level that
+ would cause the Zserver main loop to terminate.
+
+ - The variables bound to page templates and Python scripts such as
+ "context" and "container" were not checked adequately, allowing
+ a script to potentially access those objects without ensuring the
+ necessary permissions on the part of the executing user.
- Enforce new restrictions on untrusted code, identified during
the December 2003 security audit:
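Review bot: The added RESPONSE.write() entry at the top of "Bugs Fixed" names the defect but not the new behaviour. It does not say whether unicode values are now rejected at the write() call or converted before they reach asyncore. Anyone whose code passes unicode to RESPONSE.write() needs that to judge what happens after upgrading, so a closing sentence stating the outcome would help. The entry also describes a condition that terminates the server main loop, so it would sit more naturally alongside the security-audit items below it than as an ordinary bug. Smaller point: the same entry writes "Zserver" where the component is normally spelled "ZServer". The rewritten bindings entry is an improvement on the two lines it replaces, because it states the consequence (access without the executing user's permissions) rather than only "not being validated".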