New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Contact for security issue #318

Closed
chb9 opened this Issue Sep 14, 2017 · 17 comments

Comments

4 participants
@chb9

chb9 commented Sep 14, 2017

Hi,

I've found a serious security issue in BlogoText 3.7.5.

@remrem How can I contact (email) you privately?

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 14, 2017

Contributor

Hi,
just created : contact at blogotext.org

Contributor

remrem commented Sep 14, 2017

Hi,
just created : contact at blogotext.org

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 16, 2017

Contributor

Hi @chb9 ,
I did not receive your email, did you have time to send it?

Contributor

remrem commented Sep 16, 2017

Hi @chb9 ,
I did not receive your email, did you have time to send it?

@chb9

This comment has been minimized.

Show comment
Hide comment
@chb9

chb9 Sep 16, 2017

@remrem I just sent the mail again. Did you receive it?

chb9 commented Sep 16, 2017

@remrem I just sent the mail again. Did you receive it?

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 16, 2017

Contributor

Yep !, My bad, mail filtering ...

Thank for this report, I take a look on it right now !

Contributor

remrem commented Sep 16, 2017

Yep !, My bad, mail filtering ...

Thank for this report, I take a look on it right now !

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 16, 2017

Contributor

Ok, security issue confirmed.
A big thank-you to you @chb9 for this issue, you rock!

I'll do my best to quickly push a fix and let the community know about the fix.

@chb9, If you plan to release this issue to the public domain, can you wait some time to let the community update theirs BlogoText ?
And I think you deserve a place in CONTRIBUTORS if you want (I let you push a commit).

Contributor

remrem commented Sep 16, 2017

Ok, security issue confirmed.
A big thank-you to you @chb9 for this issue, you rock!

I'll do my best to quickly push a fix and let the community know about the fix.

@chb9, If you plan to release this issue to the public domain, can you wait some time to let the community update theirs BlogoText ?
And I think you deserve a place in CONTRIBUTORS if you want (I let you push a commit).

@B4rb3rouss

This comment has been minimized.

Show comment
Hide comment
@B4rb3rouss

B4rb3rouss Sep 16, 2017

Contributor

I'm very curious to know more about this issue.

Thank you for reporting.

Contributor

B4rb3rouss commented Sep 16, 2017

I'm very curious to know more about this issue.

Thank you for reporting.

@chb9

This comment has been minimized.

Show comment
Hide comment
@chb9

chb9 Sep 17, 2017

If you plan to release this issue to the public domain, can you wait some time to let the community update theirs BlogoText ?

Of course. I will also request a CVE ID after you fix that issue.

And I think you deserve a place in CONTRIBUTORS if you want (I let you push a commit).

Thank you.

chb9 commented Sep 17, 2017

If you plan to release this issue to the public domain, can you wait some time to let the community update theirs BlogoText ?

Of course. I will also request a CVE ID after you fix that issue.

And I think you deserve a place in CONTRIBUTORS if you want (I let you push a commit).

Thank you.

@remrem remrem added this to the 3.7.6 milestone Sep 17, 2017

@chb9

This comment has been minimized.

Show comment
Hide comment
@chb9

chb9 Sep 29, 2017

@remrem When do you plan to fix this issue and release a new version?

chb9 commented Sep 29, 2017

@remrem When do you plan to fix this issue and release a new version?

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 29, 2017

Contributor

@chb9 Tomorrow. Not enough time in the last few days :/

Contributor

remrem commented Sep 29, 2017

@chb9 Tomorrow. Not enough time in the last few days :/

@BoboTiG

This comment has been minimized.

Show comment
Hide comment
@BoboTiG

BoboTiG Sep 30, 2017

Collaborator

@remrem do you want I take a look?

Collaborator

BoboTiG commented Sep 30, 2017

@remrem do you want I take a look?

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 30, 2017

Contributor

@BoboTiG I'm working on this right now ;)

Contributor

remrem commented Sep 30, 2017

@BoboTiG I'm working on this right now ;)

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Sep 30, 2017

Contributor

Fixed version
Again, thank you @chb9 ! If you need an official comment or documentation for your CVE ID request, @BoboTiG and me are here ;)

Contributor

remrem commented Sep 30, 2017

Fixed version
Again, thank you @chb9 ! If you need an official comment or documentation for your CVE ID request, @BoboTiG and me are here ;)

@B4rb3rouss

This comment has been minimized.

Show comment
Hide comment
@B4rb3rouss

B4rb3rouss Oct 1, 2017

Contributor

Thank you :)

Contributor

B4rb3rouss commented Oct 1, 2017

Thank you :)

@chb9

This comment has been minimized.

Show comment
Hide comment
@chb9

chb9 Oct 1, 2017

@remrem Thank you, I've requested a CVE ID and let you know as soon as I have it.

chb9 commented Oct 1, 2017

@remrem Thank you, I've requested a CVE ID and let you know as soon as I have it.

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Oct 1, 2017

Contributor

Ok, I close this issue.

Contributor

remrem commented Oct 1, 2017

Ok, I close this issue.

@remrem remrem closed this Oct 1, 2017

@chb9

This comment has been minimized.

Show comment
Hide comment
@chb9

chb9 Oct 1, 2017

CVE-2017-14957 has been assigned for this issue.

chb9 commented Oct 1, 2017

CVE-2017-14957 has been assigned for this issue.

@remrem

This comment has been minimized.

Show comment
Hide comment
@remrem

remrem Oct 1, 2017

Contributor

@chb9, thank you ;)
I've just update the release description

Contributor

remrem commented Oct 1, 2017

@chb9, thank you ;)
I've just update the release description

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment