Okay, have just submitted a PR to a fediverse project...

All posts Emelia's posts Post Back to profile

Okay, have just submitted a PR to a fediverse project to fix a critical security vulnerability; CVE score is like 9.9/10.

More news once administrators of this servers using this project can upgrade safely.

Update: CVE was in @pixelfed, and the advisory is published here: https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf

Like 8 February at 1:59 | Open on hachyderm.io

5 comments

Emelia 👸🏻

Have submitted confidentially pull requests that fix both their main branch and currently released version.

(yes, I manually backported the fix from main branch to their last release because the vulnerability is that critical to fix)

Awaiting response from the project maintainers now.

8 February at 2:36 | Open on hachyderm.io

Emelia 👸🏻

Update: working with the maintainers to release a fix ASAP, but details of the vulnerability will be embargoed until admins have had a chance to upgrade.

9 February at 0:32 | Open on hachyderm.io

Emelia 👸🏻

CVE number assigned! More news soon.

(It's my first numbered CVE 🥲)

9 February at 23:15 | Open on hachyderm.io

Ian Sorensen

@thisismissem Congratulations!

9 February at 23:25 | Open on defcon.social

Emelia 👸🏻

@Oobleck congratulations somehow doesn't feel right, but getting this fixed absolutely does.

9 February at 23:26 | Open on hachyderm.io

Go Up