[Zope] ANNOUNCE: cgi.py vulnerability hotfix for Zope...

Brian Lloyd brian@digicool.com
Wed, 25 Jul 2001 16:37:19 -0400


  This hotfix addresses a potential denial-of-service vulnerability
  in applications that use the Python cgi module (cgi.py) for parsing
  of "multipart" Web form data (Zope uses this functionality internally).

  More detailed information is available in the Python bug tracker at
  SourceForge:


  http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail&aid=443120

  While we are not aware of any instances of abuse of this
  vulnerability, we *highly* recommend that any Zope site running versions
  of Zope up to and including 2.4.0 have this hotfix product installed
  to mitigate this issue. (Zope 2.4.1 will not require the
  installation of a separate hotfix).

  http://www.zope.org/Products/Zope/Hotfix_2001-07-25/README.txt

  http://www.zope.org/Products/Zope/Hotfix_2001-07-25/Hotfix_2001-07-25.tgz


Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com