[Zope] Script (Python) insecure ?
Martijn Jacobs
martijn at fourdigits.nl
Wed Aug 13 03:30:30 EDT 2008
Thanks Andreas, for creating a hotfix for this issue!
>
> --On 12. August 2008 17:14:15 +0000 Maurits van Rees
> <m.van.rees at zestsoftware.nl> wrote:
>
>> Andreas Jung, on 2008-08-12:
>>>>> After rough test: it seems to work for Zope trunk, 2.10 and 2.11
>>>>> but has a failure for Zope 2.8.
>>>>
>>>> I forgot to mention that the hotfix also seems to work for Zope 2.9.
>>>> (third-party confirmations are highly appreciated).
>>>
>>> Update: the hotfix also works for Zope 2.8 (tested with
>>> a running Zope instance - however the testrunner does not seem
>>> to import Hotfix though the included tests under 2.8 aren't
>>> found/executed).
>>
>> In Zope 2.8, when I place the Hotfix in the Products dir of the
>> instance, the two tests pass when I run the tests like this:
>>
>> bin/zopectl test --dir=Products/Hotfix_20080812/
>>
>> That's with: http://www.zope.org/advisories/Hotfix_20080812_0.1.tar.gz
>>
>> I tested on Zope 2.8, 2.9, 2.10, 2.11. All with Python 2.4. Without
>> the hotfix "raise SystemExit" crashed Zope. I could not confirm the
>> other problem; that just gave me a LookupError. With the hotfix in
>> the Products dir of the instance, the crash did not occur and the
>> tests passed.
>
>
> Thanks for further testing. I released V 0.2 of the hotfix containing
> your fixes. The hotfix also works with Zope 2.7...this should be enough.
> If there are no objections I would like to release the hotfix
> officially at some time tomorrow.
>
> Andreas
--
Martijn Jacobs
Four Digits, Internet Solutions
a: Willemsplein 15-1 6811 KB Arnhem NL
kvk: 091621370000 | btw: 8161.22.234.B01
e-mail: martijn at fourdigits.nl | web: http://www.fourdigits.nl
tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117