From owner-cvs-all Sat Mar 23 2: 4:33 2002 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E5A2937B404; Sat, 23 Mar 2002 02:04:29 -0800 (PST) Received: (from nbm@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2NA4T266413; Sat, 23 Mar 2002 02:04:29 -0800 (PST) (envelope-from nbm) Message-Id: <200203231004.g2NA4T266413@freefall.freebsd.org> From: Neil Blakey-Milner Date: Sat, 23 Mar 2002 02:04:29 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/www/zope Makefile distinfo pkg-plist X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG nbm 2002/03/23 02:04:29 PST Modified files: www/zope Makefile distinfo pkg-plist Log: Implement the HotFix described at http://www.zope.org/Products/Zope/Hotfix_2002-03-01/README.txt which says: ``The issue involves the checking of security for objects with proxy roles. The context of the owner user that created the object with proxy roles was not being taken into account when determining access to the object with proxy roles. This flaw could allow users defined in subfolders of a site with sufficient privileges to access objects at higher levels in the site that they would not normally be able to access.'' PR: 36103 Submitted by: HAYASHI Yasushi Revision Changes Path 1.35 +6 -3 ports/www/zope/Makefile 1.22 +1 -0 ports/www/zope/distinfo 1.26 +4 -0 ports/www/zope/pkg-plist To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message