Fwd: [vendor-sec] Updated hotfix for Plone CVE 2007-5741
Fabio Tranchitella
kobold at kobold.it
Mon Nov 19 19:50:47 UTC 2007
Hi Thijs,
* 2007-11-19 20:39, Thijs Kinkhorst wrote:
> Thanks! Can you tell me a bit more about the impact of this, what were the
> symptoms when using the previous fix?
There are two fixes:
1) The encoding for the cookies from and to base64 is done using the Python
binascii module instead of the encodestring and decodestring from the base64
module. I suppose the job done by encodestring and decodestring could cause
broken HTTP headers if you run Apache or Squid in front of your Zope instance,
but I'm not sure as I didn't have such an issue on my installations.
2) The previous fix was missing a row for the monkey patching (run-time
modification of an object). Without that row, the status messages ("Your
changes have been saved" and things like that) aren't translated.
Best regards,
--
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564
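
Point 1 of the message above, shown as an added example that is not part of the original mail or of the Plone hotfix: MIME-style base64 encoding inserts a line break after every 76 output characters, which splits a Set-Cookie header, while binascii produces a single line. It assumes Python 3, where base64.encodebytes is the name for the old base64.encodestring; the cookie name, sample payload and helper names are hypothetical.

```python
import base64
import binascii

# Constructed sample: 120 bytes, long enough to exceed one 76-character
# base64 line (57 raw bytes per line).
SAMPLE_MESSAGE = ("Your changes have been saved. " * 4).encode("utf-8")


def encode_multiline(raw: bytes) -> str:
    # MIME-style encoding: a newline follows every 76 output characters.
    return base64.encodebytes(raw).decode("ascii")


def encode_single_line(raw: bytes) -> str:
    # b2a_base64 emits one line; only the trailing newline has to go.
    return binascii.b2a_base64(raw).rstrip(b"\n").decode("ascii")


def header_safe(value: str) -> bool:
    # A header value must not contain CR or LF, or the header line is split.
    return "\r" not in value and "\n" not in value


def build_set_cookie(name: str, value: str) -> str:
    # Refuse to emit a cookie whose value would break the header line.
    if not header_safe(value):
        raise ValueError("cookie value contains a line break")
    return "Set-Cookie: %s=%s; Path=/" % (name, value)


def decode_cookie(value: str) -> bytes:
    # a2b_base64 skips embedded newlines, so both encodings decode alike.
    return binascii.a2b_base64(value)


if __name__ == "__main__":
    multi = encode_multiline(SAMPLE_MESSAGE)
    single = encode_single_line(SAMPLE_MESSAGE)
    print("line breaks from encodebytes:", multi.count("\n"))
    print("single-line value header safe:", header_safe(single))
    # "example_status" is a hypothetical cookie name.
    print(build_set_cookie("example_status", single))
```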