Emily! :Blobhaj_Witch_Broom: on Nostr
FYI: found a security bug within HTTPsh’s data storage system; I blame GNU and absolutely stupid differences between sed and sed -E (the latter will treat s/\x2a// the same as s/*//, which undid a whole layer of security I had in place).
Disclosure here: https://git.sakamoto.pl/laudom/http.sh/src/branch/master/docs/sec-fixes/2024-12-15_notORM.md (experimenting with how to disclose those, feedback welcome)
Project SERVFAIL was affected, but there weren’t any exploitation attempts. Your data is safe.