[Zope] Zope and security vulnerability: 20121106

johannes raggam raggam-nl at adm.at
Mon Nov 12 12:02:49 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The affected versions go back a long time. I don't know it exactly,
but people have used it successfully with Plone 2.1 (from ancient
times) and I have patched Zope 2.8 instances too.


On 11/11/2012 09:43 PM, Allen Schmidt wrote:
> For which zope versions?
> 
> On Nov 11, 2012 2:16 PM, "johannes raggam" <raggam-nl at adm.at 
> <mailto:raggam-nl at adm.at>> wrote:
> 
> You can just apply the Plone hotfix for Zope only installations.
> The Plone patches are not applied then.
> 
> Johannes
> 
> On 11/11/2012 06:32 PM, Marcus Schopen wrote:
>> Hi,
> 
>> is a standard Zope affected by this security vulnerability or
>> only if Plone is installed:
> 
> 
> http://plone.org/products/plone/security/advisories/20121106-announcement
>
> 
>> The patch is replacing some basic classes therefore it looks to
>> me that Zope itself without any Plone is vulnerable too. If so
>> is there a Hotfix for Zope or new Zope version which fixes these 
>> bugs?
> 
>> Ciao Marcus
> 
> 
>> _______________________________________________ Zope maillist  - 
>> Zope at zope.org <mailto:Zope at zope.org>
> https://mail.zope.org/mailman/listinfo/zope **   No
>> cross posts or HTML encoding!  ** (Related lists - 
>> https://mail.zope.org/mailman/listinfo/zope-announce 
>> https://mail.zope.org/mailman/listinfo/zope-dev )
> 
> 
> 
> _______________________________________________ Zope maillist  -
> Zope at zope.org <mailto:Zope at zope.org> 
> https://mail.zope.org/mailman/listinfo/zope **   No cross posts or
> HTML encoding!  ** (Related lists - 
> https://mail.zope.org/mailman/listinfo/zope-announce 
> https://mail.zope.org/mailman/listinfo/zope-dev )
> 

- -- 
programmatic  web development
di(fh) johannes raggam / thet
python plone zope development
mail: office at programmatic.pro
web:  http://programmatic.pro
      http://bluedynamics.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCg5WkACgkQW4mNMQxDgAfsyACgvbuoNO8ocpordzJmbH3X0OA2
gCsAnAkFNozMy1TRGWTKQjaYQgzLIisM
=DpGn
-----END PGP SIGNATURE-----


More information about the Zope mailing list