[Zope-dev] RE: [Zope] Zope security alert and 2.2 information

Paul Everitt Paul@digicool.com
Tue, 9 May 2000 18:58:29 -0400


Hello everybody.  For what it's worth, I just had a call with Brian
Behlendorf (from the Apache Group) about the web-wide aspect in the
second issue.  He says it is somewhat related to common client side
issues, but the involvement of redirect and malicious foreign forms is a
deeper wrinkle he hasn't seen before.

I would say "patches accepted", but in this case, I'll change it to
"prozac accepted".

--Paul

> -----Original Message-----
> From: Brian Lloyd [mailto:Brian@digicool.com]
> Sent: Tuesday, May 09, 2000 5:19 PM
> To: 'zope@zope.org'; 'zope-dev@zope.org'
> Subject: [Zope] Zope security alert and 2.2 information
> 
> 
> Hello all - 
> 
> We have recently become aware of two important security issues 
> that managers of Zope sites need to be aware of. Please see the 
> overview at:
> 
> http://www.zope.org/Members/jim/ZopeSecurity/TrojanIssueOverview
> 
> for further details.
> 
> 
> 
> Brian Lloyd        brian@digicool.com
> Software Engineer  540.371.6909              
> Digital Creations  http://www.digicool.com 
> 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>