-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2011 07:44 AM, yuppie wrote: > Laurence Rowe wrote: >>> This hotfix addresses a serious vulnerability in the Zope2 >>> application server. Affected versions of Zope2 include: >>> >>> - - 2.12.x<= 2.12.20 >>> >>> - - 2.13.x<= 2.13.6 >>> >>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable. >> >> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are >> affected? > > They are affected. "2.13.6" seems to be a typo. But AFAICT Plone > is not affected because it doesn't use the default user folder > implementation shipped with Zope.
Yuppie is correct on both points. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6mwGIACgkQ+gerLs4ltQ48MwCaA5LjyoIIPIZOGdliV5c8kKs+ teEAoMqrJtdYCOfPjt8UK3Ehq8nh7Jb7 =gk5u -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
