[Zope] serious security hole in manage users / Manage users permissions?

Niels Dettenbach nd at syndicat.com
Tue Oct 25 08:32:38 UTC 2011


Am Montag, 24. Oktober 2011, 17:03:52 schrieben Sie:
> Thanks for your info. Any idea if this affects pre 2.10 zope? We've been 
> running in production 2.9 no problems for a while.

No,
from my tests all versions in 2.12.20 and 2.13.10 was affected - earlier not - 
im just wondering why the sec advisory means <=2.13.6. Will investigate that 
further...

> This hotfix addresses a serious vulnerability in the Zope2
> application server.  Affected versions of Zope2 include:
> 
> - 2.12.x <= 2.12.20
> 
> - 2.13.x <= 2.13.6


best regards,


Niels.

-- 
---
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://mail.zope.org/pipermail/zope/attachments/20111025/6148c06b/attachment.bin 


More information about the Zope mailing list