From c4508ae6abb9a7246336930b19b2f1b88f16f2de Mon Sep 17 00:00:00 2001 From: distix ticketing system Date: Sun, 1 Apr 2018 15:47:04 +0000 Subject: imported mails --- .../Maildir/new/1522597623.M893233P20845Q1.koom | 111 +++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 tickets/4bbc9995f89d40c59451b743be4a4811/Maildir/new/1522597623.M893233P20845Q1.koom diff --git a/tickets/4bbc9995f89d40c59451b743be4a4811/Maildir/new/1522597623.M893233P20845Q1.koom b/tickets/4bbc9995f89d40c59451b743be4a4811/Maildir/new/1522597623.M893233P20845Q1.koom new file mode 100644 index 0000000..21d2209 --- /dev/null +++ b/tickets/4bbc9995f89d40c59451b743be4a4811/Maildir/new/1522597623.M893233P20845Q1.koom 
@@ -0,0 +1,111 @@ +Return-Path: +X-Original-To: distix@pieni.net +Delivered-To: distix@pieni.net +Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) + by pieni.net (Postfix) with ESMTPS id 8726942E09 + for ; Sun, 1 Apr 2018 15:46:12 +0000 (UTC) +Received: from platypus.pepperfish.net (unknown [10.112.101.20]) + by yaffle.pepperfish.net (Postfix) with ESMTP id 485CE417C7 + for ; Sun, 1 Apr 2018 16:46:12 +0100 (BST) +Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) + by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) + id 1f2fBM-00058s-76; Sun, 01 Apr 2018 16:46:12 +0100 +Received: from koom.pieni.net ([88.99.190.206] helo=pieni.net) + by platypus.pepperfish.net with esmtpsa (Exim 4.80 #2 (Debian)) + id 1f2fBL-00058f-9Z + for ; Sun, 01 Apr 2018 16:46:11 +0100 +Received: from exolobe3 (62-78-212-250.bb.dnainternet.fi [62.78.212.250]) + by pieni.net (Postfix) with ESMTPSA id 9AB0E42E09 + for ; Sun, 1 Apr 2018 15:46:10 +0000 (UTC) +Message-ID: <1522597569.2971.19.camel@liw.fi> +From: Lars Wirzenius +To: ick-discuss@ick.liw.fi +Date: Sun, 01 Apr 2018 18:46:09 +0300 +In-Reply-To: <1522593545.2971.15.camel@liw.fi> +References: <1522571699.2971.5.camel@liw.fi> + <1522581877.10476.1@ssh.steve.org.uk> <1522593545.2971.15.camel@liw.fi> +X-Mailer: Evolution 3.22.6-1+deb9u1 +Mime-Version: 1.0 +X-Pepperfish-Transaction: bb2b-5528-6168-51fe +X-Pepperfish-Transaction-By: platypus +Subject: Re: What's needed before ick is ready for others to use? 
+X-BeenThere: ick-discuss@ick.liw.fi +X-Mailman-Version: 2.1.5 +Precedence: list +List-Id: discussions about the ick CI system +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Content-Type: multipart/mixed; boundary="===============2741052614440174831==" +Mime-version: 1.0 +Sender: ick-discuss-bounces@ick.liw.fi +Errors-To: ick-discuss-bounces@ick.liw.fi + + +--===============2741052614440174831== +Content-Type: multipart/signed; micalg="pgp-sha512"; + protocol="application/pgp-signature"; boundary="=-h+ElDqucLh3t1HSituM9" + + +--=-h+ElDqucLh3t1HSituM9 +Content-Type: text/plain; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +On Sun, 2018-04-01 at 17:39 +0300, Lars Wirzenius wrote: +> On Sun, 2018-04-01 at 11:24 +0000, Steve Kemp wrote: +> > I suspect there is a security problem with the artifact server, but +> >=20 +> > despite reading the architecture guide I'm missing the ability to +> > confirm it. +>=20 +> Er, yes, I think you're right. The paths should be sanitised. Thanks +> for pointing that out, I will fix asap. + +It turns out that this isn't actually a hole. bottle won't match +anything with / in it in the route for a blob. Encoding it as %2F +doesn't seem to help. Thus it seems the artifact store is safe for +this. 
+--=-h+ElDqucLh3t1HSituM9 +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: This is a digitally signed message part +Content-Transfer-Encoding: 7bit + +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEETNTnrewG6wEE1EJ3bC+mFux6IDEFAlrA/sEACgkQbC+mFux6 +IDErJA/8C/Xwx29iza+ifTVhJ8xu9LA/9rs5ndZxNsstX1qU3ZlI236BOCpoYTUE +zHFx1cT/1qgamjZ5JSBVdXu6gAxeZG3Ije1GjPIWMZNwW1ENVjl5jmEHI3XsTFr9 +FKLumXrmx25qlcgvKhLtR/5rS2FexbsRPwaO44rcPL8sVjtW/I78yncZI4etLYgk +Up1G505rOueWbq5dSmtSXdvWW3Yqej/EfiKY5+DJzJDkp6JTd0qEpNv0n0Sxk6gW +xAZZEmUF2zh4KLuubmw8rUlaHC0DCIyCjAq76bJrnw9PQgnCLUw0O5yA2XIwuQMb +u4j0hhlOnDz++sbeiHY/xczdi6JdCOCNgqedkFhvAr5kzxM9eBLJMB6RahVfRFC0 +2eoVhGQ+30jZqa8xd82jo3yF7r+YlRgwAxtY5QSCcGHTRLs5NnjjcRnQ0Xz1+X0C +j+0CaoL4FnUmdtSDERaJX/0S5eYIpj7Rosj/43KBlvM/Z1SqOdwE1xU8XKh4EnW6 +WBUheHIPA1+YM8BdQtGqqr3akDE8ZOnO3fJWblIXSQEX4syYqxovHutHpOyq428K +lzi5+/M0fXCqkUgS6AKhf1OQPo7TITCZzbxH11I0U1N61SWxHxJsW+PNE4bidF7e +VAYigBVM5ixHRkcE7SEMx+WIzT2+Zf704hekedWkyYi8rXnk6gE= +=71z+ +-----END PGP SIGNATURE----- + +--=-h+ElDqucLh3t1HSituM9-- + + + +--===============2741052614440174831== +Content-Type: text/plain; charset="us-ascii" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +_______________________________________________ +ick-discuss mailing list +ick-discuss@ick.liw.fi +https://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/ick-discuss-ick.liw.fi + +--===============2741052614440174831==-- + + -- cgit v1.2.1
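Review bot: The message body imported in the text/plain part of this hunk closes the path question on the grounds that "bottle won't match anything with / in it in the route for a blob" and that %2F "doesn't seem to help", so the conclusion rests on the web framework's route matching rather than on the path sanitisation that the quoted earlier reply said was needed. Before the ticket is treated as resolved, I'd suggest recording a regression test that requests blob names containing "/" and "%2F" and asserts they are not served, and adding an explicit check in the blob handler so the result does not depend only on the route pattern. Separately, the commit subject "imported mails" does not say which ticket or message was imported; including the ticket id from the path (4bbc9995f89d40c59451b743be4a4811) would make the history searchable.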