[Zope-dev] Zope Tests: 5 OK

2007-07-11 Thread Zope Tests Summarizer
Summary of messages to the zope-tests list. Period Tue Jul 10 12:00:00 2007 UTC to Wed Jul 11 12:00:00 2007 UTC. There were 5 messages: 5 from Zope Unit Tests. Tests passed OK --- Subject: OK : Zope-2.7 Python-2.3.6 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:53:20 EDT 2007

[Zope-dev] vulnerability in zope 2.10.4

2007-07-11 Thread Andreas Zeidler
hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used to instantiate the page template engine used by five templates, or at least this is what i

[Zope-dev] Re: vulnerability in zope 2.10.4

2007-07-11 Thread Andreas Zeidler
On Jul 12, 2007, at 12:48 AM, Andreas Zeidler wrote: so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? that should have been a hole, actually... too late already, sorry! :) andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED]

[Zope-dev] Re: vulnerability in zope 2.10.4

2007-07-11 Thread Martin Aspeli
Andreas Zeidler wrote: hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used to instantiate the page template engine used by five templates, or at

[Zope-dev] Re: vulnerability in zope 2.10.4

2007-07-11 Thread Tres Seaver
Andreas Zeidler wrote: hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used to instantiate the

[Zope-dev] Re: vulnerability in zope 2.10.4

2007-07-11 Thread Andreas Zeidler
On Jul 12, 2007, at 2:50 AM, Tres Seaver wrote: so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? No. It has been an accident that, until just recently, the filesystem-based templates in a Five view were running as untrusted code. yep, martin's