-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2011 07:28 AM, Laurence Rowe wrote: > On 24 October 2011 22:54, Tres Seaver <tsea...@palladion.com> > wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On behalf of the Zope security response team, I would like to >> announce the availability of a hotfix for a vulnerability >> inadvertently published earlier today. >> >> 'Products.Zope_Hotfix_20111024' README >> ====================================== >> >> Overview - -------- >> >> This hotfix addresses a serious vulnerability in the Zope2 >> application server. Affected versions of Zope2 include: >> >> - - 2.12.x <= 2.12.20 >> >> - - 2.13.x <= 2.13.6 >> >> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable. > > Can you confirm whether or not Zope 2.13.6 through 2.13.10 are > affected?
Yes, I typoed the version. All existing 2.13 releases are affected. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6m2ogACgkQ+gerLs4ltQ65HQCeJsiLA5MiGmjI94O46BL8WCgU cFIAoJDe7lrp/f12Nauk7SRJ2XFqGQCK =DndQ -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )