Bugs Fixed:

- CVE-2009-2701: Fixed a vulnerability in ZEO storage servers when
  blobs are available. Someone with write access to a ZEO server
  configured to support blobs could read any file on the system
  readable by the server process and remove any file removable by the
  server process.

NEWS.txt

@@ -10,6 +10,12 @@ New Feature:
 
 Bugs Fixed:
 
+- CVE-2009-2701: Fixed a vulnerability in ZEO storage servers when
+  blobs are available. Someone with write access to a ZEO server
+  configured to support blobs could read any file on the system
+  readable by the server process and remove any file removable by the
+  server process.
+
 - Fixed ``NameError`` in cases where a directory cannot be created,
   e.g. when the necessary permissions are missing.
 

setup.py

@@ -20,7 +20,7 @@ to application logic.  ZODB includes features such as a plugable storage
 interface, rich transaction support, and undo.
 """
 
-VERSION = "3.8.3dev"
+VERSION = "3.8.3"
 
 # The (non-obvious!) choices for the Trove Development Status line:
 # Development Status :: 5 - Production/Stable

src/ZEO/StorageServer.py

@@ -542,6 +542,16 @@ class ZEOStorage:
 
     def storeBlobShared(self, oid, serial, data, filename, version, id):
         # Reconstruct the full path from the filename in the OID directory
+        if (os.path.sep in filename
+            or not (filename.endswith('.tmp')
+                    or filename[:-1].endswith('.tmp')
+                    )
+            ):
+            logger.critical(
+                "We're under attack! (bad filename to storeBlobShared, %r)",
+                filename)
+            raise ValueError(filename)
+
         filename = os.path.join(self.storage.fshelper.getPathForOID(oid),
                                 filename)
         self.blob_log.append((oid, serial, data, filename, version))