Support / Security / Advisories / Mandrakelinux 7.1 / MDKSA-2000:035

Package name: Zope
Date: 2000-08-16
Advisory ID: MDKSA-2000:035
Affected versions: 7.1 i586

Problem description

A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request process.

Updated packages

7.1 i586

 fe4e1f82ed6167585ed6c6afb68e8cee  7.1/RPMS/Zope-2.1.6-2mdk.i586.rpm
7a429bb87e331e3e49a1d356c13c89e5  7.1/RPMS/Zope-components-2.1.6-2mdk.i586.rpm
abfc5fa12c632e5aed25685187f6013f  7.1/RPMS/Zope-core-2.1.6-2mdk.i586.rpm
ebfc5919455ad30bd600dd927215de9d  7.1/RPMS/Zope-pcgi-2.1.6-2mdk.i586.rpm
0177a677584d246982b0b5a78e46156e  7.1/RPMS/Zope-services-2.1.6-2mdk.i586.rpm
0583790773b5b8da6cecf014e302f77f  7.1/RPMS/Zope-zpublisher-2.1.6-2mdk.i586.rpm
2634f0fc9acf486d0943261ba08e8331  7.1/RPMS/Zope-zserver-2.1.6-2mdk.i586.rpm
215234484e1fde0a5f2f85d70e4048b0  7.1/RPMS/Zope-ztemplates-2.1.6-2mdk.i586.rpm
4a8505637b762d1f03623924e386a908  7.1/SRPMS/Zope-2.1.6-2mdk.src.rpm