OpenID vulnerability in tipfy and corresponding fix

24 views
Skip to first unread message

ksachdeva

unread,
Jul 16, 2011, 12:12:46 PM7/16/11
to tipfy
Hi,

The current implementation of OpenID has a known vulnerability which
is described here :

http://openid.net/2011/05/05/attribute-exchange-security-alert/

I have cloned the tipfy repository at google code (there are so many
tipfy repositories [git, bitbucket, googlecode etc] so I do not know
if it is the right one to clone)

Here is a direct link to the changeset which shows the update to
mitigate the issue highlighted in the above link

https://code.google.com/r/ksachdeva17-tipfy/source/detail?r=5439d766954011da3da8e07f24062426e6d70dae

Regards & thanks
Kapil

Rodrigo Moraes

unread,
Jul 17, 2011, 3:16:18 AM7/17/11
to tipfy
Hi!

On Jul 16, 1:12 pm, ksachdeva wrote:
> I have cloned the tipfy repository at google code (there are so many
> tipfy repositories [git, bitbucket, googlecode etc] so I do not know
> if it is the right one to clone)

Google code is the "official" repo and the others are mirrors. I can
accept patches using any of them, though. I should drop bitbucket as
it is redundant, and keep one hg and one git repo, the git one just
for those that prefer it.

> Here is a direct link to the changeset which shows the update to
> mitigate the issue highlighted in the above link
>
> https://code.google.com/r/ksachdeva17-tipfy/source/detail?r=5439d7669...

Thank you very much. I'll apply the patch today and make a quick
release.

-- rodrigo

Rodrigo Moraes

unread,
Jul 18, 2011, 7:44:58 AM7/18/11
to tipfy
On Jul 17, 4:16 am, Rodrigo Moraes wrote:
> Thank you very much. I'll apply the patch today and make a quick
> release.

Done. 1.0b2 is out. Thanks again! :)

-- rodrigo
Reply all
Reply to author
Forward
0 new messages