Re: [Zope-dev] [Zope] Hotfix for security vulnerability
On 24 October 2011 22:54, Tres Seaver tsea...@palladion.com wrote:
> On behalf of the Zope security response team, I would like to announce
> the availability of a hotfix for a vulnerability inadvertently published
> earlier today.
>
> 'Products.Zope_Hotfix_20111024' README
> ======================================
>
> Overview
> --------
>
> This hotfix addresses a serious vulnerability in the Zope2 application
> server. Affected versions of Zope2 include:
>
> - 2.12.x <= 2.12.20
> - 2.13.x <= 2.13.6
>
> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.

Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?

Laurence
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope] Hotfix for security vulnerability
Laurence Rowe wrote:
>> This hotfix addresses a serious vulnerability in the Zope2 application
>> server. Affected versions of Zope2 include:
>>
>> - 2.12.x <= 2.12.20
>> - 2.13.x <= 2.13.6
>>
>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>
> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?

They are affected. 2.13.6 seems to be a typo.

But AFAICT Plone is not affected because it doesn't use the default user
folder implementation shipped with Zope.

Cheers,

Yuppie
Re: [Zope-dev] [Zope] Hotfix for security vulnerability
On 10/25/2011 07:44 AM, yuppie wrote:
> Laurence Rowe wrote:
>>> This hotfix addresses a serious vulnerability in the Zope2 application
>>> server. Affected versions of Zope2 include:
>>>
>>> - 2.12.x <= 2.12.20
>>> - 2.13.x <= 2.13.6
>>>
>>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>>
>> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?
>
> They are affected. 2.13.6 seems to be a typo.
>
> But AFAICT Plone is not affected because it doesn't use the default user
> folder implementation shipped with Zope.

Yuppie is correct on both points.

Tres.
-- 
===================================================================
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software Excellence by Design http://palladion.com
Re: [Zope-dev] [Zope] Hotfix for security vulnerability
On 10/25/2011 07:28 AM, Laurence Rowe wrote:
> On 24 October 2011 22:54, Tres Seaver tsea...@palladion.com wrote:
>> On behalf of the Zope security response team, I would like to announce
>> the availability of a hotfix for a vulnerability inadvertently published
>> earlier today.
>>
>> 'Products.Zope_Hotfix_20111024' README
>> ======================================
>>
>> Overview
>> --------
>>
>> This hotfix addresses a serious vulnerability in the Zope2 application
>> server. Affected versions of Zope2 include:
>>
>> - 2.12.x <= 2.12.20
>> - 2.13.x <= 2.13.6
>>
>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>
> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?

Yes, I typoed the version. All existing 2.13 releases are affected.

Tres.
-- 
===================================================================
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software Excellence by Design http://palladion.com