1. 09 Sep, 2009 3 commits
  2. 08 Sep, 2009 3 commits
  3. 02 Sep, 2009 1 commit
  4. 01 Sep, 2009 3 commits
    • Jim Fulton's avatar
      Bugs Fixed · cc266648
      Jim Fulton authored
      ----------
      
      - The helper function ZODB.blob.is_blob_record didn't handle having
        None passed to it, but database "delete" records have None for their
        data.
      cc266648
    • Jim Fulton's avatar
      Bugs Fixed · 86a2eab6
      Jim Fulton authored
      - CVE-2009-2701: Fixed a vulnerability in ZEO storage servers when
        blobs are available. Someone with write access to a ZEO server
        configured to support blobs could read any file on the system
        readable by the server process and remove any file removable by the
        server process.
      86a2eab6
    • Benji York's avatar
      fix typos · 0b22c9f8
      Benji York authored
      0b22c9f8
  5. 28 Aug, 2009 1 commit
  6. 27 Aug, 2009 3 commits
  7. 26 Aug, 2009 7 commits
  8. 25 Aug, 2009 2 commits
  9. 24 Aug, 2009 7 commits
  10. 23 Aug, 2009 4 commits
  11. 22 Aug, 2009 3 commits
  12. 20 Aug, 2009 2 commits
  13. 13 Aug, 2009 1 commit
    • Jim Fulton's avatar
      Bugs Fixed: · 4490c04a
      Jim Fulton authored
      - Fixed vulnerabilities in the ZEO network protocol that allow:
      
      CVE-2009-0668 Arbitrary Python code execution in ZODB ZEO storage servers
        CVE-2009-0669 Authentication bypass in ZODB ZEO storage servers
      
      - Limit the number of object ids that can be allocated at once to
        avoid running out of memory.
      4490c04a