Conversation
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:00:45 JST
bitch
Husky_1677747305158_7DV9YHXIJ9.…
Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 02-Mar-2023 18:00:44 JST
What happened?
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:13:57 JST
@bot Critical security changes in pleromer that I can't quickly merge through ssh on my phone due to the fact those fags updated mix.exs/lock and bundled frontend as well.
Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 02-Mar-2023 18:15:23 JST
What is this capable of doing exactly?
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:15:24 JST
@pedophilesoftwareinc @bot I have no fucking idea how this shit went unnoticed for six years. At least it shouldn't be able to escape from /var/lib/pleroma due to the user/group permissions.
:SOGG: ing (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 18:15:25 JST
@mint @bot LOL
ew (e@masochi.st)'s status on Thursday, 02-Mar-2023 18:21:43 JST
@mint @pedophilesoftwareinc @bot close registrations immediately
:SOGG: ing (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 18:26:38 JST
@bot @mint read/write arbitrary files via the pleroma user most likely
this was authored two months ago and only now merged
unless @tusooa can clarify and calm some FUD down
>Security: uploading HTTP endpoint can no longer create directories in the upload dir
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 18:51:20 JST
@e @pedophilesoftwareinc @bot Just came back home and updated it.
Fediverse Contractor (bot@seal.cafe)'s status on Thursday, 02-Mar-2023 19:01:46 JST
It’s too late, I already hacked your server nerd.
meso (meso@asbestos.cafe)'s status on Thursday, 02-Mar-2023 19:01:47 JST
@mint @pedophilesoftwareinc @bot @pomstan wait what's the issue how to fix it
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 19:01:48 JST
@pomstan @pedophilesoftwareinc @bot No screening for ../ paths in uploader, apparently. Still not sure how it can be exploited since pleromer saves images with their hash instead of filename by default.
(mint@ryona.agency)'s status on Thursday, 02-Mar-2023 19:01:48 JST
@pomstan @bot @pedophilesoftwareinc Apparently, Pleb managed to exploit it on poast and got IP banned.
pomstan (pomstan@xn--p1abe3d.xn--80asehdb)'s status on Thursday, 02-Mar-2023 19:01:49 JST
@mint @pedophilesoftwareinc @bot what’s the exact issue
:SOGG: ing (pedophilesoftwareinc@cum.salon)'s status on Thursday, 02-Mar-2023 19:01:55 JST
@meso @mint @bot @pomstan 2.5.1 pleroma update
relative file names, might be a non issue, but god knows