Thanks - I've marked these resolved. FYI I have a number of other issues still to mark resolved - I'll be trying to work through those today.
Brian Lloyd [EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Jamie Heilman > Sent: Tuesday, January 20, 2004 12:16 AM > To: [EMAIL PROTECTED] > Subject: Re: [Zope-dev] post security update analysis > > > Jamie Heilman wrote: > > Now that we've reached closure on some of the outstanding security > > issues in Zope there's a lot of stuff in the Collector that needs to > > be revisited... > > > > Brian Lloyd wrote: > ... > > > - Proxy rights on DTMLMethods transferred via acquisition > > > > I believe this means issue #743 and issue #977 can be resolved now. > > Actually, #977 already was rejected IIRC but its never been marked as > > public which is rather irritating. > > I've verified that this is the case, #977 should be made public, and > #743 can resolved. > > > > - Improper security assertions on DTMLDocument objects > > > > probably fixes issue #865, but because Zope-HEAD doesn't actually run > > right now, due to a myriad of other bugs, I actually haven't tested it > > I've tested this now, #865 can be resolved. > > -- > Jamie Heilman http://audible.transient.net/~jamie/ > "...thats the metaphorical equivalent of flopping your wedding tackle > into a lion's mouth and flicking his lovespuds with a wet towel, pure > insanity..." -Rimmer > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
