[Zope] Zope and security vulnerability: 20121106

Christopher N. Deckard cnd at ecn.purdue.edu
Wed Nov 14 15:38:45 UTC 2012


We are running Zope 2.13.10.  (So this may not be too helpful.)  We are testing the hotfix.  This is the output in our event log.

2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied setHeader patch
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied allow_module patch
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied get_request_var_or_attr patch
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply gtbn
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply membership_tool
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply queryCatalog
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply uid_catalog
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply renameObjectsByPaths
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply at_download
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply safe_html
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied python_scripts patch
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied ftp patch
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied atat patch
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply random_string
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Hotfix installed

Without knowing how to specifically break things I can't say if it is good to be running this or not.  I'm sure a new Zope2 release will include these updates?

-Chris

--------------------------------------------------------------------
    Christopher N. Deckard      |     Lead Web Systems Developer
      cnd at ecn.purdue.edu        |    Engineering Computer Network
  http://eng.purdue.edu/ECN/    |         Purdue University 
---- zlib.decompress('x\234K\316Kq((-J)M\325KM)\005\000)"\005w') ---



On Nov 13, 2012, at 4:30 AM, Jens Vagelpohl <jens at dataflake.org> wrote:

> 
> On Nov 13, 2012, at 10:16 , Jürgen Herrmann <Juergen.Herrmann at XLhost.de> wrote:
>> I successfully applied these hotfixes to Zope 2.13 versions
>> without any problems. What puzzles me though is why was there
>> no announcement for these fixes here on zope ml? Or are these
>> fixes not critical for pure Zope2 users? Or are these all fixed
>> in the latest version of Zope2?
> 
> There was no announcement here because those patches were prepared by Plone developers without our knowledge and announced without our knowledge. The Zope developers know as much about these patches (meaning little to nothing) as any other Zope user.
> 
> jens
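
Added example (not part of the original messages or of the hotfix's own code): a Python script that parses event-log lines in the format quoted above and reports, per hotfix logger, which patches were applied and which could not be applied. The sample log is constructed, and the list of required patch names passed to missing_required() is an assumption the operator supplies.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the event-log lines quoted in the thread.
SAMPLE_LOG = """\
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied setHeader patch
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply gtbn
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied ftp patch
2012-11-14T10:16:49 WARNING Products.PloneHotfix20121106 Could not apply safe_html
2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Hotfix installed
"""

# timestamp, level, logger name, free-text message
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?P<logger>Products\.PloneHotfix\d+)\s+(?P<msg>.*)$"
)
APPLIED = re.compile(r"^Applied (?P<name>\S+) patch$")
FAILED = re.compile(r"^Could not apply (?P<name>\S+)$")


def summarize(log_text):
    """Group hotfix messages per logger into applied / failed patch names."""
    runs = defaultdict(lambda: {"applied": [], "failed": [], "installed": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unrelated event-log line
        run, msg = runs[m["logger"]], m["msg"].strip()
        if (a := APPLIED.match(msg)):
            run["applied"].append(a["name"])
        elif (f := FAILED.match(msg)):
            run["failed"].append(f["name"])
        elif msg == "Hotfix installed":
            run["installed"] = True
    return dict(runs)


def missing_required(summary, logger, required):
    """Return the required patch names that the log does not report as applied."""
    run = summary.get(logger, {"applied": []})
    return sorted(set(required) - set(run["applied"]))


if __name__ == "__main__":
    for logger, run in summarize(SAMPLE_LOG).items():
        print(logger, "installed:", run["installed"])
        print("  applied:", ", ".join(run["applied"]))
        print("  failed: ", ", ".join(run["failed"]))
```

A log that spans several restarts lists each patch once per start-up; missing_required() compares sets, so repeated entries do not change its result.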


