On 2018-09-02 17:08:09, Brian May wrote:
> Antoine Beaupré writes:
>
>> What do you think? Should we push this forward?
>
> I am somewhat concerned that by fixing this we might be breaking
> something. Even if it is 100% broken behaviour, maybe some application
> depends on this?
>
> Is the
Antoine Beaupré writes:
> What do you think? Should we push this forward?
I am somewhat concerned that by fixing this we might be breaking
something. Even if it is 100% broken behaviour, maybe some application
depends on this?
Is the potential attack bad enough to justify potential breakage? I
On 2018-08-29 12:23:54, Brian May wrote:
> Antoine Beaupré writes:
>
>> On 2018-08-08 17:35:52, Brian May wrote:
>>> If I got this right, we cannot use $(xyz) unless the value of xyz is
>>> trusted. Otherwise executing $(xyz) can result in the execution of code
>>> if xyz is something like "".
Antoine Beaupré writes:
> On 2018-08-08 17:35:52, Brian May wrote:
>> If I got this right, we cannot use $(xyz) unless the value of xyz is
>> trusted. Otherwise executing $(xyz) can result in the execution of code
>> if xyz is something like "". This
>> happens immediately, and even if you don't
On 2018-08-08 17:35:52, Brian May wrote:
> If I got this right, we cannot use $(xyz) unless the value of xyz is
> trusted. Otherwise executing $(xyz) can result in the execution of code
> if xyz is something like "". This
> happens immediately, and even if you don't use the return value.
>
>
> I
On Thu, 2018-08-09 at 16:57 +1000, Brian May wrote:
> I could still ping the host, so probably not a routing problem.
Next time try connecting to port 80/443 on the IP address without
sending any data. That would eliminate a HTTP-layer issue.
> Looks like I can connect today however, so maybe
Paul Wise writes:
> The site has been moved to MaxCDN so it is likely that they have
> blackholed your network or there is some sort of routing issue between
> you and their local node.
I could still ping the host, so probably not a routing problem.
Looks like I can connect today however, so
On Wed, Aug 8, 2018 at 3:35 PM, Brian May wrote:
> Sidenote: Curiously I cannot connect to
> https://security-tracker.debian.org/ today from this machine on this
> network... Connections always time out. Probably something weird with my
> network, however other webpages appear to be fine. If I