=====================================================================
                                   CERT-Renater

                        Information Note No. 2006/VULN386
_____________________________________________________________________

DATE                      : 07/07/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Zope 2.

======================================================================

http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html

----------------------------------------------------------------------

We have recently discovered that there are (still) very serious security
problems with the integration of reStructured Text (docutils) into
Zope 2.

We have prepared a hot fix for this problem:

    http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/

See:
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
for installation instructions.

It is important to install this hotfix as soon as possible.

This fix will disable the reStructuredText 'raw' directive.

Much thanks goes to Tres Seaver for analyzing the problem and
developing the hotfix!

Jim

--
Jim Fulton			
mailto:jim at zope.com		
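
Added example, not part of the announcement or of the hotfix: because the fix
disables the 'raw' directive, this standard-library Python audit lists where
stored reStructuredText uses it. The function name and the sample document are
constructed for illustration; 'file' and 'url' are the directive options by
which docutils reads content from outside the document.

```python
import re

# Matches an explicit-markup directive start such as ".. raw:: html".
# docutils lower-cases directive names, so match case-insensitively.
DIRECTIVE = re.compile(r"^(\s*)\.\.\s+raw::\s*(.*)$", re.IGNORECASE)
OPTION = re.compile(r"^\s+:(\w+):\s*(.*)$")

def find_raw_directives(text):
    """Return one dict per 'raw' directive found in reST source text."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        indent = len(m.group(1))
        hit = {"line": i + 1, "formats": m.group(2).split(), "options": {}}
        # Options follow immediately, indented deeper than the directive.
        for follow in lines[i + 1:]:
            o = OPTION.match(follow)
            if not o or len(follow) - len(follow.lstrip()) <= indent:
                break
            hit["options"][o.group(1).lower()] = o.group(2).strip()
        # 'file' and 'url' make docutils pull content from outside the document.
        hit["external"] = bool({"file", "url"} & hit["options"].keys())
        hits.append(hit)
    return hits

# Constructed sample document, not taken from any real site.
SAMPLE = """\
Title
=====

.. raw:: html

   <b>inline markup</b>

- item

  .. RAW:: html
     :file: fragments/banner.html

The word raw:: in a sentence is not a directive.
"""

if __name__ == "__main__":
    for h in find_raw_directives(SAMPLE):
        kind = "external source" if h["external"] else "inline content"
        print(f"line {h['line']}: raw {' '.join(h['formats'])} ({kind}) {h['options']}")
```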

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================



