[Zope-Checkins] CVS: Zope/doc - CHANGES.txt:1.535.2.154

Tres Seaver tseaver at zope.com
Thu Jan 8 15:26:29 EST 2004


Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv32142/doc

Modified Files:
      Tag: Zope-2_6-branch
	CHANGES.txt 
Log Message:


  - Inadequate type checking could allow unicode values passed to 
    RESPONSE.write() to be passed into deeper layers of asyncore, 
    where an exception would eventually be generated at a level that 
    would cause the Zserver main loop to terminate.


=== Zope/doc/CHANGES.txt 1.535.2.153 => 1.535.2.154 ===
--- Zope/doc/CHANGES.txt:1.535.2.153	Thu Jan  8 15:19:33 2004
+++ Zope/doc/CHANGES.txt	Thu Jan  8 15:26:27 2004
@@ -8,8 +8,15 @@
 
     Bugs Fixed
 
-     - Automatic bindings for scripts (e.g, 'context', 'container') were not
-       being validated before use.
+     - Inadequate type checking could allow unicode values passed to 
+       RESPONSE.write() to be passed into deeper layers of asyncore, 
+       where an exception would eventually be generated at a level that 
+       would cause the Zserver main loop to terminate.
+
+     - The variables bound to page templates and Python scripts such as 
+       "context" and "container" were not checked adequately, allowing 
+       a script to potentially access those objects without ensuring the 
+       necessary permissions on the part of the executing user.
 
      - Enforce new restrictions on untrusted code, identified during
        the December 2003 security audit:
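Review bot: the rewritten "context"/"container" entry in this hunk is not covered by the log message, which mentions only the RESPONSE.write() item; either note the rewording in the log or commit it separately so the history of the bindings entry stays traceable. In the new first entry, "Zserver" should be spelled "ZServer", and the text gives the symptom (the main loop terminating) without saying what RESPONSE.write() now does with a unicode value; a short clause on the new behaviour would tell users what to expect. Several of the added lines also end in trailing whitespace.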



