IRC logs of #mantisbt for Saturday, 2014-11-01

« Friday, 2014-10-31 Index Sunday, 2014-11-02 »
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt00:00
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt00:02
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC00:04
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC00:05
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC00:06
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt01:50
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt01:51
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt01:52
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC01:54
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC01:56
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC01:57
travis-ciBuild #100: vboctor/mantisbt Issue17826_upload_path (05e7504) Victor Boctor - The build passed.02:11
travis-ciBuild details: http://travis-ci.org/vboctor/mantisbt/builds/3966960402:11
travis-ciCode Changes: https://github.com/vboctor/mantisbt/commit/05e7504b10ea02:11
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt03:41
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC03:45
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt05:29
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC05:33
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt06:55
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC07:27
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt07:28
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC07:33
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt08:43
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC09:13
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt09:13
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC09:18
*** dregad <dregad!~dregad@77-234.193-178.cust.bluewin.ch> has joined #mantisbt10:22
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt10:34
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt10:36
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt10:37
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC10:39
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC10:40
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC10:42
dregadpaulr you there10:45
paulr.11:09
paulrdregad: just finished helping a kid with their computing home work11:09
paulrso now sitting down to look at reamining stuff11:10
dregadpaulr did you get feedback from mitre about swapping cve's ?11:29
paulryes11:29
dregadso they're OK with it ?11:29
dregad(before I make anything public)11:30
paulryes, I just forwarded you there response11:30
dregadcheers11:30
paulr(It came whilst I was in restuarant last night - decided not to try forwarding from a mobile)11:30
paulrhave you fixed the plugin issue?11:30
dregadespecially with your "magic" forward button that sends stuff to the ML :-P11:31
dregadplugin meaning XML ?11:31
paulrstill dont know what happeend there11:31
paulryes11:31
paulralthough coudl be work filtering11:31
paulrif I use gitter from work, it doesn't show members list11:31
paulrbut at home it does11:31
dregadi have the patch ready, but while testing i found another issue which i'm working on now11:31
paulrheh11:32
paulrI find that alot ;p11:32
dregadyep11:32
dregadFYI I updated #17243 with CVE and made you reporter so you can see it11:43
paulrI met someone from sweden last night i've known online for 10 years11:45
dregadnice11:45
paulrthey insisted on paying for dinner11:45
paulr:)11:45
paulrhe was over with his kid to london11:46
dregadfancy dinner?11:46
paulrnot overly expensive, but we went to http://www.salaam-namaste.co.uk/11:48
paulrwhen you coming to london? :P11:48
dregadlooks nice11:48
paulrwindows is starting to piss me off11:49
paulr"your pc is running low on memory, shall we close firefox?"11:50
paulrAvailable RAm: 3.5GB11:50
paulractually, if you could just use the 3.5gb...11:50
dregad==> linux11:50
dregadenough said11:51
paulrswedish friend just uses mac's now11:51
paulranyway, i had 3 patches to find and send11:51
dregadok11:51
dregadi have not gone through the last batch yet11:52
paulrwell, 2 to find and 1 to work out what to do as proper fix is in 1.311:52
paulraka move to json11:52
dregadpaulr i was chatting with github support following the deletion of your mantisbt fork11:59
dregadsince that basically invalidates all the PR's you forked11:59
paulrright11:59
dregadi asked them if they could fix that11:59
dregadthey said probably yes, by restoring the fork12:00
dregadbut they can only do that "in place"12:00
dregadfor which they'd need your approval12:00
paulryea I guess could approve that12:00
dregadOK, so I'll forward you a mail, if you could reply to them it would be great12:01
paulrgonna get confusing long term anyway :)12:01
dregadwhat do you mean ?12:02
paulrwell, when I launch fork12:02
paulrI dropped other open source projects to focus on mantis12:03
dregadare you on bitbucket ?12:05
paulryes12:05
dregadi just found out they offer unlimited private repos12:05
paulrI thought it was 512:06
dregadso we can use that to share patches if you'd like12:06
dregadno12:06
dregad# of repos is unlimited12:06
dregadthey restrict the number of team members12:06
paulrI think i've got 2 accounts ;/12:07
dregadi just found a grangeway12:07
dregadi assume that's you?12:08
paulrhang on12:08
paulrtrying to work out what's me :)12:08
dregadthere's also 4 different paul richards12:09
dregadincluding a "minimoo" one which is probably you as well12:09
dregadanyway let me know which account12:09
paulrright minimoo is the one i want to use12:09
paulrpaul_richards is me, but i want to delete that12:10
paulryep got12:11
paulryou got a branch you ussing?12:11
dregadnot yet i just cloned my github fork12:11
dregadso anyway feel free to submit PRs with your patches12:12
paulrahh right12:12
paulrsee pm12:21
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt12:25
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt12:27
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt12:28
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC12:30
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC12:31
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC12:32
dregadok so i cleaned up the bitbucket fork now, leaving only the master* and work-in-progress sec branches12:43
paulrk12:53
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt14:16
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt14:18
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt14:20
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has joined #mantisbt14:21
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC14:21
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt14:22
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC14:22
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC14:24
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has quit IRC14:25
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC14:27
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt16:10
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt16:12
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt16:14
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has joined #mantisbt16:15
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC16:15
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt16:16
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC16:16
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt16:17
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC16:18
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt16:19
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has quit IRC16:19
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has joined #mantisbt16:20
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC16:20
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC16:22
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC16:24
*** dejale___ <dejale___!~dejalexan@87.113.26.154> has quit IRC16:25
*** Protogenes <Protogenes!~Protogene@dslb-188-106-213-066.188.106.pools.vodafone-ip.de> has quit IRC16:47
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt18:08
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC18:13
*** Protogenes <Protogenes!~Protogene@dslb-188-106-213-066.188.106.pools.vodafone-ip.de> has joined #mantisbt18:54
* paulr wonders how to create a PR to bitbucket19:03
* paulr pokes dregad19:04
dregadmoo19:04
dregadnot sure actually, never tried before19:04
dregadwould assume you need to fork my repo19:04
dregadthen push your local changes to it19:04
dregad(aka same as github)19:04
paulrlike that maybe?19:07
dregadyep19:07
dregadthanks for that19:12
dregadhow long did it take for you to get the CVE ID back from mitre ?19:12
paulrcan you mail me the poc for swf?19:12
paulr<24 hours19:12
dregadwtf is swf ?19:12
dregad;)19:13
paulrhttp://www.mantisbt.org/bugs/file_download.php?file_id=5117&type=bug19:13
paulralso see pm19:16
dregadmail sent - not sure I understand what the deal is with this file though19:26
dregadjust to clarify - that PR you sent me contains the same fixes we discussed earlier this week (the zip file you sent me via skype ?)19:29
* dregad pings paulr19:29
paulryes19:35
GitHub[mantisbt] dregad pushed 1 new commit to master-1.2.x: http://git.io/M5Kejw19:40
GitHubmantisbt/master-1.2.x 99ffb0a Damien Regad: SQL injection in mc_project_get_attachments()...19:40
GitHub[mantisbt] dregad pushed 1 new commit to master: http://git.io/rsIrbQ19:40
GitHubmantisbt/master 5faf97a Damien Regad: SQL injection in mc_project_get_attachments()...19:40
*** Ragnor <Ragnor!~Ragnor@dslb-146-060-184-044.146.060.pools.vodafone-ip.de> has quit IRC19:50
*** Ragnor <Ragnor!~Ragnor@dslb-094-221-078-034.094.221.pools.vodafone-ip.de> has joined #mantisbt19:51
*** blue6storm <blue6storm!29da9daf@gateway/web/freenode/ip.41.218.157.175> has joined #mantisbt19:57
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt19:57
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt19:58
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has joined #mantisbt20:00
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC20:02
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt20:03
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC20:03
paulrdregad: btw, not quire sure i understand that oss-seclist ;)20:04
paulrit seems to me you'd want to email mitre directly, then email oss-sec after20:05
*** dejalex__ <dejalex__!~dejalexan@87.113.26.154> has quit IRC20:05
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC20:08
dregadyou're talking about the SQL vulnerability ?20:12
dregadsince i pushed the fix, it's now public so I don't see any reason to mail mitre privately and not the public list20:14
paulrI meant in general20:24
*** blue6storm <blue6storm!29da9daf@gateway/web/freenode/ip.41.218.157.175> has quit IRC20:27
dregadit's a way to announce vuln to the public I guess20:29
dregadso yes, 1. mitre and 2. oss-sec20:29
dregadwhat's your point20:30
paulrmitre seem to suggest going to others and not them directly20:30
dregadthat's just because they're lazy I guess ;)20:31
dregadwhich I suppose is the reason why the dhx told me to mail oss-sec20:32
dregadand consequently I wrote http://www.mantisbt.org/wiki/doku.php/mantisbt:handling_security_problems#obtaining_a_cve_id20:32
dregadto document the process20:33
dregadsee also http://oss-security.openwall.org/wiki/mailing-lists/oss-security20:34
dregadanyway doesn't matter that much20:34
dregadit's way too late (again) so going to bed now20:34
dregadgood nite20:34
paulrnn20:38
*** dregad <dregad!~dregad@77-234.193-178.cust.bluewin.ch> has quit IRC20:49
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt21:51
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has joined #mantisbt21:52
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC21:56
*** dejalexa_ <dejalexa_!~dejalexan@87.113.26.154> has quit IRC21:57
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has joined #mantisbt23:41
*** dejalexander <dejalexander!~dejalexan@87.113.26.154> has quit IRC23:45
« Friday, 2014-10-31 Index Sunday, 2014-11-02 »

Generated by irclog2html.py 2.13.0 by Marius Gedminas - find it at mg.pov.lt!