[Zope] Zope and security vulnerability: 20121106

Richard Harley richard at scholarpack.com
Mon Nov 12 12:07:23 UTC 2012


So, to clarify, does this affect plain Zope 2.10, no Plone?

Rich
On 12/11/12 12:02, johannes raggam wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The affected versions go back a long time. I don't know it exactly,
> but people have used it successfully with Plone 2.1 (from ancient
> times) and I have patched Zope 2.8 instances too.
>
>
> On 11/11/2012 09:43 PM, Allen Schmidt wrote:
>> For which zope versions?
>>
>> On Nov 11, 2012 2:16 PM, "johannes raggam"<raggam-nl at adm.at
>> <mailto:raggam-nl at adm.at>>  wrote:
>>
>> You can just apply the Plone hotfix for Zope only installations.
>> The Plone patches are not applied then.
>>
>> Johannes
>>
>> On 11/11/2012 06:32 PM, Marcus Schopen wrote:
>>> Hi,
>>> is a standard Zope affected by this security vulnerability or
>>> only if Plone is installed:
>>
>> http://plone.org/products/plone/security/advisories/20121106-announcement
>>
>>
>>> The patch is replacing some basic classes therefore it looks to
>>> me that Zope itself without any Plone is vulnerable too. If so
>>> is there a Hotfix for Zope or new Zope version which fixes these
>>> bugs?
>>> Ciao Marcus
>>
>>> _______________________________________________ Zope maillist  -
>>> Zope at zope.org<mailto:Zope at zope.org>
>> https://mail.zope.org/mailman/listinfo/zope **   No
>>> cross posts or HTML encoding!  ** (Related lists -
>>> https://mail.zope.org/mailman/listinfo/zope-announce
>>> https://mail.zope.org/mailman/listinfo/zope-dev )
>>
>>
>> _______________________________________________ Zope maillist  -
>> Zope at zope.org<mailto:Zope at zope.org>
>> https://mail.zope.org/mailman/listinfo/zope **   No cross posts or
>> HTML encoding!  ** (Related lists -
>> https://mail.zope.org/mailman/listinfo/zope-announce
>> https://mail.zope.org/mailman/listinfo/zope-dev )
>>
> - -- 
> programmatic  web development
> di(fh) johannes raggam / thet
> python plone zope development
> mail: office at programmatic.pro
> web:  http://programmatic.pro
>        http://bluedynamics.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlCg5WkACgkQW4mNMQxDgAfsyACgvbuoNO8ocpordzJmbH3X0OA2
> gCsAnAkFNozMy1TRGWTKQjaYQgzLIisM
> =DpGn
> -----END PGP SIGNATURE-----
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>   https://mail.zope.org/mailman/listinfo/zope-announce
>   https://mail.zope.org/mailman/listinfo/zope-dev )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.zope.org/pipermail/zope/attachments/20121112/b90738e5/attachment.html>


More information about the Zope mailing list