-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2011 07:44 AM, yuppie wrote:
Laurence Rowe wrote:
This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:
- - 2.12.x<= 2.12.20
- - 2.13.x<= 2.13.6
Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?
They are affected. "2.13.6" seems to be a typo. But AFAICT Plone is not affected because it doesn't use the default user folder implementation shipped with Zope.
Yuppie is correct on both points. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6mwGIACgkQ+gerLs4ltQ48MwCaA5LjyoIIPIZOGdliV5c8kKs+ teEAoMqrJtdYCOfPjt8UK3Ehq8nh7Jb7 =gk5u -----END PGP SIGNATURE-----