I have 1.7.0: it would appear to be free of vulnerabilities: should I trust that?

2013/5/30 Luca Fabbri <[email protected]>

> The fact that there was no advance notice is somewhat open to criticism.
> I understand it is not a HotFix, but it may have caused some inconvenience.
> After all, it is perhaps the most famous add-on product!
>
>
> On Thu, May 30, 2013 at 8:59 AM, Vito Falco <[email protected]> wrote:
> > Thanks!
> >
> > Vito
> >
> >
> > 2013/5/30 Yuri <[email protected]>
> >>
> >> -------- Original Message --------
> >> Subject: [Plone-Users] Fwd: Vulnerability in PloneFormGen — Updated announcement
> >> Date: Wed, 29 May 2013 10:31:16 -0700
> >> From: Steve McMahon <[email protected]>
> >> To: plone_users <[email protected]>, Plone Developers <[email protected]>
> >>
> >> PloneFormGen <http://plone.org/products/ploneformgen>, a widely used
> >> response-form-creation add-on for the Plone Content Management System, has
> >> been discovered to have a serious vulnerability that allows an anonymous
> >> attacker to execute arbitrary code with the privileges of the system user
> >> running the server.
> >>
> >> Installations of Plone that do not use the PloneFormGen add-on are not
> >> affected by this vulnerability.
> >>
> >> The vulnerability is present in PloneFormGen versions 1.7.4 (2012-11-04)
> >> through 1.7.8. Users of any of these versions should immediately upgrade to
> >> Products.PloneFormGen version 1.7.11
> >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.7.11>. 1.7.11 has been
> >> released today to the Plone and Python package repositories.
> >>
> >> Another serious vulnerability affects most earlier versions of
> >> PloneFormGen. This vulnerability affects forms that have custom script
> >> adapters, and allows an anonymous attacker to gain control over the handling
> >> of data submitted through the form. This vulnerability is addressed in
> >> version 1.7.9. Users of PloneFormGen in the 1.6 series, which runs on Plone
> >> 3.x, 4.0 and 4.1 should upgrade to version 1.6.7
> >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.6.7>, also released
> >> today.
> >>
> >> Help for installing the upgrade is available on the #plone IRC channel
> >> <http://plone.org/support/chat> and forums
> >> <https://plone.org/support/forums>. Upgrading an already installed package
> >> requires you to specify the new version number in your buildout
> >> configuration file
> >> <https://weblion.psu.edu/trac/weblion/wiki/VersionPinning> and run
> >> buildout.
> >>
> >> Thanks to The Code Distillery's security analysts for the responsible
> >> disclosure of the vulnerabilities, and for their suggestions for addressing
> >> the issues.
> >>
> >> _______________________________________________
> >> Plone-IT mailing list
> >> [email protected]
> >> https://lists.plone.org/mailman/listinfo/plone-plone-it
> >> http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
> >
> > --
> > Vito Falco
> > Webdeveloper & designer freelance, Plone enthusiast
> > Bari, IT
> > tel +39 3346330137 | skype vito80ba | twitter vito80ba
> > Linkedin http://it.linkedin.com/in/vitof
>
> --
> Saluti/Regards
>
> Luca Fabbri - RedTurtle Technology
> E-mail: [email protected]
> Web Site: http://www.redturtle.it/
> Phone: +39 0532 1915958
> Fax: +39 0532 287070

--
Fabrizio
--------------------
Not sent from iPhone
"Life is what happens to you while you're busy making other plans" - J. Lennon
“If you think education is expensive, try ignorance” - D. Bok
Life is like a game of cards. The hand you are dealt is determinism; the way you play it is free will - Jawaharlal Nehru
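
An added example, not part of the thread and not PloneFormGen's own code: a Python check that reads the `Products.PloneFormGen` pin from a buildout `[versions]` section and compares it with the version ranges stated in the announcement. The status labels, function names and sample configuration are constructed for illustration; `adapter-possible` reflects the announcement's wording "most earlier versions", which gives no exact lower bound and concerns forms that have custom script adapters.

```python
import configparser
import re

# Boundaries copied from the announcement quoted in this thread.
RCE_FIRST, RCE_LAST = (1, 7, 4), (1, 7, 8)  # anonymous code execution
ADAPTER_FIX = (1, 7, 9)                     # custom-script-adapter issue addressed
TARGET_17, TARGET_16 = "1.7.11", "1.6.7"    # releases the announcement says to install

# Constructed sample buildout configuration (not taken from the thread).
SAMPLE_CFG = """\
[instance]
eggs =
    Plone
    Products.PloneFormGen

[versions]
Products.PloneFormGen = 1.7.0
"""


def parse_version(text):
    """'1.7.10' -> (1, 7, 10), so that 1.7.10 sorts after 1.7.9."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def classify(version_text):
    """Return (status, upgrade_target) for one Products.PloneFormGen version."""
    v = parse_version(version_text)
    if RCE_FIRST <= v <= RCE_LAST:
        return ("rce", TARGET_17)
    if v[:2] == (1, 6):
        return ("adapter-possible", TARGET_16) if v < (1, 6, 7) else ("not-listed", None)
    if v < ADAPTER_FIX:
        # "most earlier versions": the announcement gives no exact lower bound
        return ("adapter-possible", TARGET_17 if v >= (1, 7, 0) else None)
    return ("not-listed", None)


def audit_buildout(cfg_text, egg="Products.PloneFormGen"):
    """Find the egg's pin in [versions] and classify it."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep the egg name's case
    cfg.read_string(cfg_text)
    pin = cfg.get("versions", egg, fallback=None)
    return (None, "unpinned", None) if pin is None else (pin, *classify(pin))
```

Comparing parsed tuples rather than strings matters here: as plain strings, "1.7.10" would sort before "1.7.4".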
