Hello everybody. For what it's worth, I just had a call with Brian Behlendorf (from the Apache Group) about the web-wide aspect in the second issue. He says it is somewhat related to common client side issues, but the involvement of redirect and malicious foreign forms is a deeper wrinkle he hasn't seen before. I would say "patches accepted", but in this case, I'll change it to "prozac accepted". --Paul

-----Original Message----- From: Brian Lloyd [mailto:Brian@digicool.com] Sent: Tuesday, May 09, 2000 5:19 PM To: 'zope@zope.org'; 'zope-dev@zope.org' Subject: [Zope] Zope security alert and 2.2 information

Hello all -

We have recently become aware of two important security issues that managers of Zope sites need to be aware of. Please see the overview at:

http://www.zope.org/Members/jim/ZopeSecurity/TrojanIssueOverview

for further details.

Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )