Bug#373667: zope-zms: CVE-2006-2997: cross-site scripting

2008-04-12 Thread Dr. Frank Hoffmann
Hello List, after asking the primary author of the security issue, he did not give us any hints about test details nor the relevance of his 'results'. Moreover, ZMS/Zope is a Python-based framework - not PHP-based. Until now the ZMS development team does not see any implications of this. Best

Bug#373667: zope-zms: CVE-2006-2997: cross-site scripting

2008-04-01 Thread Andreas Tille
Hello, could you please comment on the security issue that is described in the Debian bug report http://bugs.debian.org/373667 ? The package zope-zms is in danger of being removed from the Debian distribution if nobody fixes this long-standing issue, and we suspect that you are interested

Bug#373667: zope-zms: CVE-2006-2997: cross-site scripting

2006-06-14 Thread Alec Berryman
Package: zope-zms Severity: normal Tags: security CVE-2006-2997: Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter