4 matches found
Debian DSA-055-1 : zope - remote unauthorized access
A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for...
Debian DSA-043-1 : zope
This advisory covers several vulnerabilities in Zope that have been addressed.Hotfix 08092000 'Zope security alert and hotfix product' The issue involves the fact that the getRoles method of user objects contained in the default UserFolder implementation returns a mutable Python type. Because the...
[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 490-1 [email protected] http://www.debian.org/security/ Martin Schulze April 17th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA-007-1] insufficient protection for zope Image and File objects
Package : zope Problem type : insufficient protection Debian-specific: no A busy week for the Zope team: on Monday another security alert was released revealing a potential problem found by Peter Kelly. This problem involved incorrect protection of data updating for Image and File objects: any us...