From owner-cvs-all  Sat Aug  4 10:29: 5 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 41A0C37B401; Sat,  4 Aug 2001 10:29:00 -0700 (PDT)
	(envelope-from nbm@FreeBSD.org)
Received: (from nbm@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f74HT0057042;
	Sat, 4 Aug 2001 10:29:00 -0700 (PDT)
	(envelope-from nbm)
Message-Id: <200108041729.f74HT0057042@freefall.freebsd.org>
From: Neil Blakey-Milner <nbm@FreeBSD.org>
Date: Sat, 4 Aug 2001 10:29:00 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/zope Makefile distinfo pkg-plist
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

nbm         2001/08/04 10:29:00 PDT

  Modified files:
    www/zope             Makefile distinfo pkg-plist 
  Log:
  Acqusition context checking hotfix
  
  ``The issue involves an error in the '_check_context' method of the
  AccessControl.User.BasicUser class. The bug made it possible to access
  Zope objects via acquisition that a user would not otherwise have access
  to. This issue could allow users with enough internal knowledge of Zope
  to perform actions higher in the object hierarchy than they should be
  able to.''
  
  Revision  Changes    Path
  1.30      +8 -6      ports/www/zope/Makefile
  1.18      +1 -0      ports/www/zope/distinfo
  1.22      +4 -0      ports/www/zope/pkg-plist


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message