[Zope] Re: [Zope-Annce] SECURITY alert and hotfix release
Shane Hathaway
shane@digicool.com
Fri, 08 Dec 2000 17:38:07 -0500
Andrew Kuchling wrote:
>
> On Fri, Dec 08, 2000 at 03:48:52PM -0500, Brian Lloyd wrote:
> > The hotfix will work for all versions of Zope 2.2.0 and higher. A
> > future version of Zope will contain the fix for this
> > issue, and you will be able to uninstall the hot fix after upgrading.
>
> A slight modification to the patch makes it work (meaning, "run
> without raising an exception") on Zope 2.1.6; patch below. Can
> someone at DC confirm that this patched version fixes the problem for
> 2.1.x and doesn't break anything else? (If you want to privately send
> me an exploit, that would be quite helpful.)
AFAICT 2.1.6 is not vulnerable.
Shane