They could have stated it explicitly in the message along with the other
versions..... Or maybe I misunderstood!
On 30 May 2013 11:26, "Yuri" <[email protected]> wrote:

> On 30/05/2013 11:00, Fabrizio Rota wrote:
>
>> I have 1.7.0: it would seem to be free of vulnerabilities: should I trust that?
>>
>
> from 1.7.0:
>
>     def onSuccess(self, fields, REQUEST=None, loopstop=False):
>         """
>         saves data.
>         """
>
> from 1.7.11:
>
>     security.declarePrivate('onSuccess')
>     def onSuccess(self, fields, REQUEST=None, loopstop=False):
>         # """
>         # saves data.
>         # """
>
>
> I'd say no :)
>
>
>
>>
>> 2013/5/30 Luca Fabbri <[email protected]>
>>
>>     It is somewhat open to criticism that there was no advance
>>     notice. I understand it is not a HotFix, but it may have caused some
>>     inconvenience. After all, it is perhaps the most famous add-on product!
>>
>>
>>     On Thu, May 30, 2013 at 8:59 AM, Vito Falco <[email protected]> wrote:
>>     > Thanks!
>>     >
>>     > Vito
>>     >
>>     >
>>     > 2013/5/30 Yuri <[email protected]>
>>     >>
>>     >>
>>     >>
>>     >> -------- Original Message --------
>>     >> Subject: [Plone-Users] Fwd: Vulnerability in PloneFormGen — Updated announcement
>>     >> Date: Wed, 29 May 2013 10:31:16 -0700
>>     >> From: Steve McMahon <[email protected]>
>>     >> To: plone_users <plone-users@lists.sourceforge.net>, Plone Developers <plone-developers@lists.sourceforge.net>
>>     >>
>>     >>
>>     >>
>>     >> PloneFormGen <http://plone.org/products/ploneformgen>, a widely used
>>     >> response-form-creation add-on for the Plone Content Management System, has
>>     >> been discovered to have a serious vulnerability that allows an anonymous
>>     >> attacker to execute arbitrary code with the privileges of the system user
>>     >> running the server.
>>     >>
>>     >> Installations of Plone that do not use the PloneFormGen add-on are not
>>     >> affected by this vulnerability.
>>     >>
>>     >> The vulnerability is present in PloneFormGen versions 1.7.4 (2012-11-04)
>>     >> through 1.7.8. Users of any of these versions should immediately upgrade to
>>     >> Products.PloneFormGen version 1.7.11
>>     >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.7.11>. 1.7.11 has been
>>     >> released today to the Plone and Python package repositories.
>>     >>
>>     >> Another serious vulnerability affects most earlier versions of
>>     >> PloneFormGen. This vulnerability affects forms that have custom script
>>     >> adapters, and allows an anonymous attacker to gain control over the handling
>>     >> of data submitted through the form. This vulnerability is addressed in
>>     >> version 1.7.9. Users of PloneFormGen in the 1.6 series, which runs on Plone
>>     >> 3.x, 4.0 and 4.1 should upgrade to version 1.6.7
>>     >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.6.7>, also released
>>     >> today.
>>     >>
>>     >> Help for installing the upgrade is available on the #plone IRC channel
>>     >> <http://plone.org/support/chat> and forums
>>     >> <https://plone.org/support/forums>. Upgrading an already installed package
>>     >> requires you to specify the new version number in your buildout
>>     >> configuration file
>>     >> <https://weblion.psu.edu/trac/weblion/wiki/VersionPinning> and run
>>     >> buildout.
>>     >>
>>     >> Thanks to The Code Distillery's security analysts for the responsible
>>     >> disclosure of the vulnerabilities, and for their suggestions for addressing
>>     >> the issues.
>>     >>
>>     >>
>>     >>
>>     >>
>>     >> _______________________________________________
>>     >> Plone-IT mailing list
>>     >> [email protected]
>>     >> https://lists.plone.org/mailman/listinfo/plone-plone-it
>>     >> http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
>>     >
>>     >
>>     >
>>     >
>>     > --
>>     > Vito Falco
>>     > Webdeveloper & designer freelance, Plone enthusiast
>>     > Bari, IT
>>     > tel +39 3346330137 | skype vito80ba | twitter vito80ba
>>     > Linkedin http://it.linkedin.com/in/vitof
>>     >
>>
>>
>>
>>     --
>>     Saluti/Regards
>>
>>     Luca Fabbri - RedTurtle Technology
>>     E-mail: [email protected]
>>     Web Site: http://www.redturtle.it/
>>     Phone: +39 0532 1915958
>>     Fax: +39 0532 287070
>>
>>
>>
>>
>> --
>> Fabrizio
>> --------------------
>> Not sent from an iPhone
>>
>> "Life is what happens to you while you're busy making other plans" - J.
>> Lennon
>>
>> “If you think education is expensive, try ignorance” - D. Bok
>>
>> Life is like a game of cards. The hand you are dealt is determinism; the
>> way you play it is free will - Jawaharlal Nehru
>>
>>
>>
>
>
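The version question raised in this thread can be checked mechanically against the two ranges given in the forwarded announcement. The following is an added example, not part of the original thread or of PloneFormGen; the function names `parse_version` and `triage` and the finding labels are assumptions made for illustration.

```python
import re

# Ranges taken from the announcement quoted in this thread.
RCE_FIRST, RCE_LAST = (1, 7, 4), (1, 7, 8)   # anonymous code execution
ADAPTER_FIX_17 = (1, 7, 9)                   # script-adapter issue addressed here
ADAPTER_FIX_16 = (1, 6, 7)                   # fix release for the 1.6 series


def parse_version(text):
    """Turn '1.7.11' into (1, 7, 11) so comparison is numeric, not lexical."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not match:
        raise ValueError("unsupported version string: %r" % text)
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))   # pad '1.7' to (1, 7, 0)


def triage(version_text):
    """Return (findings, upgrade_target) for an installed PloneFormGen version."""
    v = parse_version(version_text)
    findings = []
    if RCE_FIRST <= v <= RCE_LAST:
        findings.append("remote-code-execution")
    # The announcement says "most earlier versions" are affected by the
    # script-adapter issue, so anything older than the fix is flagged as
    # potentially affected (it only matters for forms with script adapters).
    if v[:2] == (1, 6):
        fixed, target = ADAPTER_FIX_16, "1.6.7"
    elif v >= (1, 7, 0):
        fixed, target = ADAPTER_FIX_17, "1.7.11"
    else:
        fixed, target = ADAPTER_FIX_16, None  # older series: no release named
    if v < fixed:
        findings.append("script-adapter")
    return findings, (target if findings else None)


if __name__ == "__main__":
    # Constructed sample inputs, including the 1.7.0 asked about in the thread.
    for installed in ("1.6.5", "1.7.0", "1.7.4", "1.7.9", "1.7.11"):
        print(installed, triage(installed))
```

Version 1.7.0 falls outside the 1.7.4 to 1.7.8 code-execution range but is still older than the 1.7.9 fix for the script-adapter issue, which matches the `onSuccess` comparison posted above.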