Skip to content
Extraits de code Groupes Projets
Sélectionner une révision Git
  • master par défaut protégée
  • v0.7.17.0-facil
  • v0.7.16.0-facil
3 résultats
Blame Lien permanent
  • Maxwell Salzberg's avatar
    190fceaf
    [SECURITY FIX] please update your pod ASAP · 190fceaf
    Maxwell Salzberg a rédigé 
    This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender.  This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
    190fceaf
    Historique
    [SECURITY FIX] please update your pod ASAP
    Maxwell Salzberg a rédigé 
    This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender.  This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
federation_logger.rb 2,83 Kio