DTML scripting vulnerability in Zope. Versions 2.2.0 through 2.4.1
of Zope have a vulnerability that can allow a suitably clever attacker to
circumvent the normal Zope access control mechanism. A fix from Zope Corp. is
available which closes the hole. This vulnerability was first reported in
the October 4 LWN security
page.
This week's updates: