On Jul 12, 2007, at 12:48 AM, Andreas Zeidler wrote:
so, unless i'm completely wrong here, i'd say this is a pretty
serious security whole, no?
that should have been a hole, actually... too late already, sorry! :)
andi
--
zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED]
Andreas Zeidler wrote:
hi,
imho i've found a vulnerability in zope 2.10.4 or rather in the newer
version of five (1.5.5) used by it. in `Five/browser/
pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used the
instantiate the page template engine used by five templates, or at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andreas Zeidler wrote:
hi,
imho i've found a vulnerability in zope 2.10.4 or rather in the newer
version of five (1.5.5) used by it. in `Five/browser/
pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used the
instantiate the
On Jul 12, 2007, at 2:50 AM, Tres Seaver wrote:
so, unless i'm completely wrong here, i'd say this is a pretty
serious security whole, no?
No. It has been an accident that, until just recently, the
filesystem-based templates in a Five view were running as untrusted
code.
yep, martin's