Mandrake Linux Security Advisory : Zope (MDKSA-2001:080)

A new Zope hotfix is available that fixes a problem with DTML scripting as described in the README.txt of Hotfix2001-09-28 : 'The issue involves the fmt attribute of dtml-var tags. Without this correction, Zope does not check security access to methods invoked through fmt. This issue could allow...