From owner-cvs-all  Sat Mar 10  4:22:20 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id A704F37B718; Sat, 10 Mar 2001 04:22:16 -0800 (PST)
	(envelope-from olgeni@FreeBSD.org)
Received: (from olgeni@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2ACMGa07506;
	Sat, 10 Mar 2001 04:22:16 -0800 (PST)
	(envelope-from olgeni)
Message-Id: <200103101222.f2ACMGa07506@freefall.freebsd.org>
From: Jimmy Olgeni <olgeni@FreeBSD.org>
Date: Sat, 10 Mar 2001 04:22:16 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/zope Makefile distinfo pkg-plist
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

olgeni      2001/03/10 04:22:16 PST

  Modified files:
    www/zope             Makefile distinfo pkg-plist 
  Log:
  Apply Zope hotfix: Hotfix_2001-03-08
  
  From the Zope site:
  
  The issue involves an error in the 'aq_inContextOf' method of objects that
  support acquisition. A recent change to the access validation machinery
  made this bug begin to affect security restrictions. The bug, with the
  change to validation, made it possible to access Zope objects via
  acquisition that a user would not otherwise have access to. This issue
  could allow users with enough internal knowledge of Zope to perform actions
  higher in the object hierarchy than they should be able to.
  
  Revision  Changes    Path
  1.24      +6 -4      ports/www/zope/Makefile
  1.13      +1 -0      ports/www/zope/distinfo
  1.15      +4 -0      ports/www/zope/pkg-plist


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message