On Fri, 08 Aug 2008 08:09:56 -0700, Stacy Ladnier
<[EMAIL PROTECTED]> wrote:
I first apologize for cross posting, but this is a critical issue for my
organization.
We have several applications built with Plone, ranging from v 2.0.5 to v
2.5.3 and Zope, ranging from 2.7.3 to 2.9.7. With the August 2008
release of a Python security vulnerability
(http://secunia.com/advisories/31305/), we are trying to determine how
this affects our web applications and how to mitigate and detect any
attacks. We have seen no discussion among the Zope and Plone communities
regarding this security threat. Is this an indication that Zope and
Plone are immune from these exploits due to the additional security
model it puts in place or is everyone simply waiting for Python to
release a patch?
Most of the issues mentioned seem to be irrelevant to Plone from a casual
glance (disclaimer: I'm not a coder :) — but this one could probably do
with some investigation:
3) Integer overflow errors in the processing of unicode strings can be
exploited to cause buffer overflows on 32-bit systems.
In general, we have to wait until Python releases new versions that fix
these issues when they happen. I'm sure that will be the easiest and
quickest way to resolve this too.
--
Alexander Limi · http://limi.net
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )