Emelia 👸🏻

Okay, have just submitted a PR to a fediverse project to fix a critical security vulnerability; CVE score is like 9.9/10.

More news once administrators of servers using this project can upgrade safely.

Update: CVE was in @pixelfed, and the advisory is published here: github.com/pixelfed/pixelfed/s

5 comments
Emelia 👸🏻

Have confidentially submitted pull requests that fix both their main branch and currently released version.

(yes, I manually backported the fix from main branch to their last release because the vulnerability is that critical to fix)

Awaiting response from the project maintainers now.

Emelia 👸🏻

Update: working with the maintainers to release a fix ASAP, but details of the vulnerability will be embargoed until admins have had a chance to upgrade.

Emelia 👸🏻

CVE number assigned! More news soon.

(It's my first numbered CVE 🥲)

Emelia 👸🏻

@Oobleck congratulations somehow doesn't feel right, but getting this fixed absolutely does.
