Zope wrote: PythonScripts in Zope 2 can be misused for shutting down a complete Zope 2 instance or misused for a local denial-of-service attack. This issue affects only those Zope 2 instances where users have unrestricted access to the ZMI and the ability to edit PythonScripts. This should usually not be the case for instances where the Manager access is granted only to trusted persons.
Tupone, do these contain the fix? *zope-2.10.7 (10 Nov 2008) *zope-2.9.10 (10 Nov 2008) 10 Nov 2008; Tupone Alfredo <tupone@gentoo.org> +zope-2.9.10.ebuild, +zope-2.10.7.ebuild: Version bump to 2.9.10 and 2.10.7.
Yes. They do!
Arches, please test and mark stable: =net-zope/zope-2.9.10 =net-zope/zope-2.10.7 Target keywords : "alpha amd64 ppc sparc x86"
amd64/x86 stable
ppc stable
alpha/sparc stable
Ready for voting.
CVE-2008-5102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5102): PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
I vote NO.
Manager can shutdown application? NO!