[Zope-dev] post security update analysis
Brian Lloyd
brian at zope.com
Tue Jan 20 09:23:32 EST 2004
Thanks - I've marked these resolved. FYI I have a number of
other issues still to mark resolved - I'll be trying to work
through those today.
Brian Lloyd brian at zope.com
V.P. Engineering 540.361.1716
Zope Corporation http://www.zope.com
> -----Original Message-----
> From: zope-dev-bounces at zope.org [mailto:zope-dev-bounces at zope.org]On
> Behalf Of Jamie Heilman
> Sent: Tuesday, January 20, 2004 12:16 AM
> To: zope-dev at zope.org
> Subject: Re: [Zope-dev] post security update analysis
>
>
> Jamie Heilman wrote:
> > Now that we've reached closure on some of the outstanding security
> > issues in Zope there's a lot of stuff in the Collector that needs to
> > be revisited...
> >
> > Brian Lloyd wrote:
> ...
> > > - Proxy rights on DTMLMethods transferred via acquisition
> >
> > I believe this means issue #743 and issue #977 can be resolved now.
> > Actually, #977 already was rejected IIRC but its never been marked as
> > public which is rather irritating.
>
> I've verified that this is the case, #977 should be made public, and
> #743 can resolved.
>
> > > - Improper security assertions on DTMLDocument objects
> >
> > probably fixes issue #865, but because Zope-HEAD doesn't actually run
> > right now, due to a myriad of other bugs, I actually haven't tested it
>
> I've tested this now, #865 can be resolved.
>
> --
> Jamie Heilman http://audible.transient.net/~jamie/
> "...thats the metaphorical equivalent of flopping your wedding tackle
> into a lion's mouth and flicking his lovespuds with a wet towel, pure
> insanity..." -Rimmer
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev at zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )
>
More information about the Zope-Dev
mailing list