VULHUB ™

Red Hat Security Advisory - Vulnerabilities exist with all Zope-2.0 releases - This HotFix corrects issues in the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing.

Red Hat Security Advisory - Vulnerabilities exist with all Zope-2.0 releases - This HotFix corrects issues in the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing.