| emgent | hello there. | 02:30 |
|---|---|---|
| emgent | newz2000: ping bout Bug 247612 | 02:31 |
| ubot3 | emgent: Bug 247612 on http://launchpad.net/bugs/247612 is private | 02:31 |
| emgent | s/bout/about/ | 02:31 |
| pierrelourens | hello | 03:14 |
| newz2000 | h I emgent, I see it | 03:27 |
| newz2000 | did you find this on your own or is this a widely known problem? | 03:27 |
| emgent | 0dd. | 03:28 |
| newz2000 | ok, thanks for reporting it privately | 03:29 |
| newz2000 | emgent: has this been reported to MoinMoin team? | 03:30 |
| newz2000 | (that you know of) | 03:30 |
| emgent | http://moinmoin.wikiwikiweb.de/?action=fullsearch&context=180&value=XSS&titlesearch=Titoli | 03:31 |
| emgent | know issue do not include it. | 03:31 |
| emgent | newz2000: what version of moinmoin is up on help.u.c ? | 03:33 |
| newz2000 | 1.6.3 | 03:33 |
| emgent | moin 1.6.3 | 03:35 |
| emgent | None yet. | 03:35 |
| emgent | http://moinmo.in/SecurityFixes | 03:35 |
| emgent | newz2000: seems that upstream it`snt vulnerable | 03:36 |
| emgent | ok it is. | 03:38 |
| newz2000 | it is vulnerable? | 03:38 |
| newz2000 | they're running 1.7.0 on moinmo.in | 03:38 |
| emgent | moinmo.in is vulnerable. | 03:40 |
| emgent | moinmoin.wikiweb.de is not because is in read-only mode. | 03:41 |
| emgent | but generally it`s a 0day bug. | 03:41 |
| newz2000 | emgent: how did you discover it? | 03:41 |
| emgent | newz2000: my box | 03:41 |
| emgent | auditing. | 03:41 |
| emgent | newz2000: http://launchpad.net/~ubuntu-whitehat | 03:42 |
| pierrelourens | newz2000, Do you ever stop working? ;) | 03:42 |
| newz2000 | I hate it when this stuff happens on a Friday night. I'm going to have to call someone and wake them up | 03:42 |
| newz2000 | pierrelourens: I checked back in to publish the announcement for alpha 2 release | 03:42 |
| emgent | newz2000: anyway if for you it`s ok i will talk with upstream for try to coordinate a fix and advisory. | 03:43 |
| newz2000 | yes, please do | 03:43 |
| newz2000 | discretely, white-hatish of course. | 03:44 |
| newz2000 | like with us, and thanks. :-) | 03:44 |
| emgent | sure :) | 03:44 |
| emgent | newz2000: np, it`s funny for me :) | 03:44 |
| emgent | newz2000: anyway why we dont use mod-security ? | 03:49 |
| newz2000 | I don't know, this server is not actually under my control, I just maintain its theme | 03:50 |
| emgent | ah ok | 03:50 |
| newz2000 | but I have the cell phone # of the person who is in control | 03:50 |
| newz2000 | I'm having some people on our team look at it to decide the level of risk | 03:50 |
| emgent | Rick Clark ? | 03:50 |
| newz2000 | no, but I should try him since he's in my time zone | 03:50 |
| newz2000 | or near it | 03:51 |
| emgent | anyway dont worry | 03:51 |
| emgent | it`s a low risk | 03:51 |
| emgent | now it`s 0day. | 03:51 |
| emgent | big idle in moin-dev argh | 03:52 |
| newz2000 | yeah, everyon'es in europe | 03:53 |
| emgent | me too :) | 03:53 |
| emgent | here 4.53 am | 03:53 |
| emgent | pierrelourens: please fix your client :) | 04:11 |
| pierrelourens | it's fixed. I was messing with crap :) | 04:12 |
| emgent | heheh | 04:12 |
| pierrelourens | xchat was wonky | 04:12 |
| emgent | switch to irssi | 04:13 |
| newz2000 | emgent: there are better places to harass people than #ubuntu-website | 04:13 |
| newz2000 | if you don't mind :-) | 04:14 |
| emgent | heheh sorry newz2000 :) | 04:14 |
| pierrelourens | I didn't feel harassed, for the record | 04:14 |
| pierrelourens | :) | 04:14 |
| melat0nin | lol @ 'bragging rights' in EDGE -- why would someone brag about their timezone? | 10:23 |
| melat0nin | newz2000: i'm going to spend alittle time now looking through the ubuntu site for any typos etc. How big does somethng need to be before it should be reported as a bug? | 14:58 |
| melat0nin | for example: http://www.ubuntu.com/support - under Buy Professional Support Services, the first sentence should really be two sentences. The placement of the comma is wrong grammatically. | 14:59 |
| newz2000 | melat0nin: hi, if you think it needs fixed, go ahead and report it and we'll make get it resolved. Trick is to try and put the right amount of info in the bug report so that a fix can be applied as simply as posible. | 16:05 |
| melat0nin | newz2000: okay will do | 16:06 |
| melat0nin | newz2000: I don't want to tread on people's toes by submitting lots of style-related bugs, but there are some areas where the ubuntu.com website text is not good at all (even if it's grammatically correct) from a writing-for-the-web point of view | 18:04 |
| melat0nin | Is there anything I can do to help this? I'm very conscious of the risk of offending people | 18:04 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!