Email or username:

Password:

Forgot your password?
All posts r's posts Back to profile
5 posts total
r
Patch for the vulnerability in bloat that allows a malicious upstream server (Pleroma/Mastadon) to return crafted JSON data in the response of an API called by bloat to make it go out of memory and cause Denial of Service.
The attack could be performed by a malicious user by connecting to a malicious server. Technically, it doesn't have to be a Mastodon compatible server, any HTTP server that'd respond to the HTTP paths requested by bloat could work.
bloat instances running in the single instance mode are not affected assuming the specified instance doesn't serve the malicious response.
The patch applies a limit on the size of the response returned by the server, currently set to 8MiB.
https://git.freesoftwareextremist.com/bloat/commit/?id=ad38855261dca802439922f71408e2b08e7c10ea
Patch for the vulnerability in bloat that allows a malicious upstream server (Pleroma/Mastadon) to return crafted JSON data in the response of an API called by bloat to make it go out of memory and cause Denial of Service.
The attack could be performed by a malicious user by connecting to a malicious server. Technically, it doesn't have to be a Mastodon compatible server, any HTTP server that'd respond to the HTTP paths requested by bloat could work.
18 Sep 2023 at 7:04 | Open on freesoftwareextremist.com
r
Watching kids anime is actually pretty good way to practice nihongo. I watched 2 episodes of chibi maruko-chan without subtitles and it was great. The vocabulary was simple, the plot was simple so even if I don't understand a word or a sentence, it's easy enough to guess the meaning based on the context. And of course, the anime is not that interesting so I don't mind pausing and switching to a dictionary to lookup words.
26 Feb 2023 at 13:36 | Open on freesoftwareextremist.com
r
r
r
Go Up