Updated. Thx.
2013/5/30 Fabrizio Rota <[email protected]>

> They could have listed it explicitly in the message along with the other
> versions..... Or maybe I misunderstood!
>
> On 30 May 2013 11:26, "Yuri" <[email protected]> wrote:
>
>> On 30/05/2013 11:00, Fabrizio Rota wrote:
>>
>>> I have 1.7.0: it would seem to be free of vulnerabilities: should I trust that?
>>
>> from 1.7.0:
>>
>>     def onSuccess(self, fields, REQUEST=None, loopstop=False):
>>         """
>>         saves data.
>>         """
>>
>> from 1.7.11:
>>
>>     security.declarePrivate('onSuccess')
>>     def onSuccess(self, fields, REQUEST=None, loopstop=False):
>>         # """
>>         # saves data.
>>         # """
>>
>> I'd say no :)
>>
>>> 2013/5/30 Luca Fabbri <[email protected]>
>>>
>>>     The fact that there was no advance notice is a bit open to criticism.
>>>     I understand it isn't a HotFix, but it may have caused some
>>>     inconvenience. After all, it is perhaps the most famous add-on product!
>>>
>>>     On Thu, May 30, 2013 at 8:59 AM, Vito Falco <[email protected]> wrote:
>>>     > Thanks!
>>>     >
>>>     > Vito
>>>     >
>>>     > 2013/5/30 Yuri <[email protected]>
>>>     >>
>>>     >> -------- Original message --------
>>>     >> Subject: [Plone-Users] Fwd: Vulnerability in PloneFormGen — Updated announcement
>>>     >> Date: Wed, 29 May 2013 10:31:16 -0700
>>>     >> From: Steve McMahon <[email protected]>
>>>     >> To: plone_users <plone-users@lists.sourceforge.net>,
>>>     >>     Plone Developers <plone-developers@lists.sourceforge.net>
>>>     >>
>>>     >> PloneFormGen <http://plone.org/products/ploneformgen>, a widely used
>>>     >> response-form-creation add-on for the Plone Content Management System,
>>>     >> has been discovered to have a serious vulnerability that allows an
>>>     >> anonymous attacker to execute arbitrary code with the privileges of the
>>>     >> system user running the server.
>>>     >>
>>>     >> Installations of Plone that do not use the PloneFormGen add-on are not
>>>     >> affected by this vulnerability.
>>>     >>
>>>     >> The vulnerability is present in PloneFormGen versions 1.7.4 (2012-11-04)
>>>     >> through 1.7.8. Users of any of these versions should immediately upgrade
>>>     >> to Products.PloneFormGen version 1.7.11
>>>     >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.7.11>. 1.7.11 has
>>>     >> been released today to the Plone and Python package repositories.
>>>     >>
>>>     >> Another serious vulnerability affects most earlier versions of
>>>     >> PloneFormGen. This vulnerability affects forms that have custom script
>>>     >> adapters, and allows an anonymous attacker to gain control over the
>>>     >> handling of data submitted through the form. This vulnerability is
>>>     >> addressed in version 1.7.9. Users of PloneFormGen in the 1.6 series,
>>>     >> which runs on Plone 3.x, 4.0 and 4.1 should upgrade to version 1.6.7
>>>     >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.6.7>, also
>>>     >> released today.
>>>     >>
>>>     >> Help for installing the upgrade is available on the #plone IRC channel
>>>     >> <http://plone.org/support/chat> and forums
>>>     >> <https://plone.org/support/forums>. Upgrading an already installed
>>>     >> package requires you to specify the new version number in your buildout
>>>     >> configuration file
>>>     >> <https://weblion.psu.edu/trac/weblion/wiki/VersionPinning> and run
>>>     >> buildout.
>>>     >>
>>>     >> Thanks to The Code Distillery's security analysts for the responsible
>>>     >> disclosure of the vulnerabilities, and for their suggestions for
>>>     >> addressing the issues.
>>>     >
>>>     > --
>>>     > Vito Falco
>>>     > Webdeveloper & designer freelance, Plone enthusiast
>>>     > Bari, IT
>>>     > tel +39 3346330137 | skype vito80ba | twitter vito80ba
>>>     > Linkedin http://it.linkedin.com/in/vitof
>>>
>>>     --
>>>     Regards
>>>
>>>     Luca Fabbri - RedTurtle Technology
>>>     E-mail: [email protected]
>>>     Web Site: http://www.redturtle.it/
>>>     Phone: +39 0532 1915958
>>>     Fax: +39 0532 287070
>>>
>>> --
>>> Fabrizio
>>> --------------------
>>> Not sent from iPhone
>>>
>>> "Life is what happens to you while you're busy making other plans" - J. Lennon
>>>
>>> “If you think education is expensive, try ignorance” - D. Bok
>>>
>>> Life is like a game of cards. The hand you are dealt is determinism; the
>>> way you play it is free will - Jawaharlal Nehru
>
> --
> Fabrizio
_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
