Date: Sat, 10 Mar 2001 04:22:16 -0800 (PST) From: Jimmy Olgeni <olgeni@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/zope Makefile distinfo pkg-plist Message-ID: <200103101222.f2ACMGa07506@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
olgeni 2001/03/10 04:22:16 PST
Modified files:
www/zope Makefile distinfo pkg-plist
Log:
Apply Zope hotfix: Hotfix_2001-03-08
From the Zope site:
The issue involves an error in the 'aq_inContextOf' method of objects that
support acquisition. A recent change to the access validation machinery
made this bug begin to affect security restrictions. The bug, with the
change to validation, made it possible to access Zope objects via
acquisition that a user would not otherwise have access to. This issue
could allow users with enough internal knowledge of Zope to perform actions
higher in the object hierarchy than they should be able to.
Revision Changes Path
1.24 +6 -4 ports/www/zope/Makefile
1.13 +1 -0 ports/www/zope/distinfo
1.15 +4 -0 ports/www/zope/pkg-plist
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103101222.f2ACMGa07506>