[Zope-dev] [Zope] Hotfix for security vulnerability

Tres Seaver tseaver at palladion.com
Tue Oct 25 13:57:54 UTC 2011


On 10/25/2011 07:44 AM, yuppie wrote:
> Laurence Rowe wrote:
>>> This hotfix addresses a serious vulnerability in the Zope2 
>>> application server.  Affected versions of Zope2 include:
>>> 
>>> - 2.12.x <= 2.12.20
>>> 
>>> - 2.13.x <= 2.13.6
>>> 
>>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>> 
>> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are 
>> affected?
> 
> They are affected. "2.13.6" seems to be a typo. But AFAICT Plone
> is not affected because it doesn't use the default user folder 
> implementation shipped with Zope.

Yuppie is correct on both points.


Tres.
-- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com


