OpenID vulnerability in tipfy and corresponding fix
24 views
Skip to first unread message
ksachdeva
Jul 16, 2011, 12:12:46 PM7/16/11
to tipfy
Hi,
The current implementation of OpenID has a known vulnerability which
is described here :
http://openid.net/2011/05/05/attribute-exchange-security-alert/
I have cloned the tipfy repository at google code (there are so many
tipfy repositories [git, bitbucket, googlecode etc] so I do not know
if it is the right one to clone)
Here is a direct link to the changeset which shows the update to
mitigate the issue highlighted in the above link
https://code.google.com/r/ksachdeva17-tipfy/source/detail?r=5439d766954011da3da8e07f24062426e6d70dae
Regards & thanks
Kapil
The current implementation of OpenID has a known vulnerability which
is described here :
http://openid.net/2011/05/05/attribute-exchange-security-alert/
I have cloned the tipfy repository at google code (there are so many
tipfy repositories [git, bitbucket, googlecode etc] so I do not know
if it is the right one to clone)
Here is a direct link to the changeset which shows the update to
mitigate the issue highlighted in the above link
https://code.google.com/r/ksachdeva17-tipfy/source/detail?r=5439d766954011da3da8e07f24062426e6d70dae
Regards & thanks
Kapil
Rodrigo Moraes
Jul 17, 2011, 3:16:18 AM7/17/11
to tipfy
Hi!
On Jul 16, 1:12 pm, ksachdeva wrote:
> I have cloned the tipfy repository at google code (there are so many
> tipfy repositories [git, bitbucket, googlecode etc] so I do not know
> if it is the right one to clone)
Google code is the "official" repo and the others are mirrors. I can
accept patches using any of them, though. I should drop bitbucket as
it is redundant, and keep one hg and one git repo, the git one just
for those that prefer it.
> Here is a direct link to the changeset which shows the update to
> mitigate the issue highlighted in the above link
>
> https://code.google.com/r/ksachdeva17-tipfy/source/detail?r=5439d7669...
Thank you very much. I'll apply the patch today and make a quick
release.
-- rodrigo
On Jul 16, 1:12 pm, ksachdeva wrote:
> I have cloned the tipfy repository at google code (there are so many
> tipfy repositories [git, bitbucket, googlecode etc] so I do not know
> if it is the right one to clone)
accept patches using any of them, though. I should drop bitbucket as
it is redundant, and keep one hg and one git repo, the git one just
for those that prefer it.
> Here is a direct link to the changeset which shows the update to
> mitigate the issue highlighted in the above link
>
Thank you very much. I'll apply the patch today and make a quick
release.
-- rodrigo
Rodrigo Moraes
Jul 18, 2011, 7:44:58 AM7/18/11
to tipfy
On Jul 17, 4:16 am, Rodrigo Moraes wrote:
> Thank you very much. I'll apply the patch today and make a quick
> release.
Done. 1.0b2 is out. Thanks again! :)
> Thank you very much. I'll apply the patch today and make a quick
> release.
-- rodrigo
Reply all
Reply to author
Forward
0 new messages