Date: Tue, 19 Aug 2014 22:22:37 +0000
From: isis <isis@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140819222237.GX23636@patternsinthevoid.net>
References: <53F3BD25.9080608@bitmessage.ch>
In-Reply-To: <53F3BD25.9080608@bitmessage.ch>
Subject: Re: [tor-talk] XSS on blog.torproject.org - 8 month old ticket?

Nusenu transcribed 1.3K bytes:
> By coincidence I stumbled on an 8-month-old ticket reporting a XSS
> vulnerability on blog.torproject.org - and it is still vulnerable.
> This is not exactly inspiring confidence.
>
> I reassigned the ticket to phobos. Let's hope that this changes something.
>
>
> https://trac.torproject.org/projects/tor/ticket/10440
>

The best way to see a change done is to do it yourself. Also see
https://trac.torproject.org/projects/tor/ticket/10022 which probably explains
why no one has fixed the XSS.

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt


