[Zope-dev] [Zope] Hotfix for security vulnerability
Tres Seaver
tseaver at palladion.com
Tue Oct 25 15:49:28 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/25/2011 07:28 AM, Laurence Rowe wrote:
> On 24 October 2011 22:54, Tres Seaver <tseaver at palladion.com>
> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On behalf of the Zope security response team, I would like to
>> announce the availability of a hotfix for a vulnerability
>> inadvertently published earlier today.
>>
>> 'Products.Zope_Hotfix_20111024' README
>> ======================================
>>
>> Overview - --------
>>
>> This hotfix addresses a serious vulnerability in the Zope2
>> application server. Affected versions of Zope2 include:
>>
>> - - 2.12.x <= 2.12.20
>>
>> - - 2.13.x <= 2.13.6
>>
>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>
> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are
> affected?
Yes, I typoed the version. All existing 2.13 releases are affected.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6m2ogACgkQ+gerLs4ltQ65HQCeJsiLA5MiGmjI94O46BL8WCgU
cFIAoJDe7lrp/f12Nauk7SRJ2XFqGQCK
=DndQ
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list