oh, no, ancora! :-D

-------- Messaggio originale --------
Oggetto: [Plone-Users] Security Announcement: Severe Vulnerability - Patch Pre-Announcement
Data:   Wed, 28 Sep 2011 13:54:49 -0700
Mittente:       Steve McMahon <[email protected]>
A: plone_users <[email protected]>, Plone Developers <[email protected]>



During a security audit conducted by a member of the Plone Security Team, a severe vulnerability was discovered in Zope 2.12.x and Zope 2.13.x that allows execution of arbitrary code by anonymous users.
*
*The vulnerability affects Plone 4.0 (through 4.0.9); Plone 4.1; Plone 4.2 (a1 and a2); Zope 2.12.x and Zope 2.13.x. It allows an unauthenticated attacker to employ a carefully crafted web request to execute arbitrary commands with the privileges of the Zope/Plone service.

*A patch will be available 2011-10-04, at 15:00 UTC.*

Please carefully read h <goog_188554871>ttp://plone.org/products/plone/security/advisories/20110928 for more details.

*General questions**about this announcement*, Plone patching procedures, and availability of support may be addressed to thePlone support forums <http://plone.org/support>. If you have*specific questions*about this vulnerability or its handling, contact thePlone Security Team <mailto:[email protected]>.

*To report potentially security-related issues**,*please send a mail to the Plone Security Team [email protected] <mailto:[email protected]>. The security team is always happy to credit individuals and companies who make responsible disclosures.

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Plone-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/plone-users

_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html

Rispondere a