This project is mirrored from https://:*****@gitlab.archlinux.org/archlinux/aurweb.git.
  1. 20 Feb, 2021 1 commit
  2. 02 Nov, 2019 1 commit
  3. 07 Oct, 2019 1 commit
  4. 06 Oct, 2019 1 commit
  5. 14 Jan, 2019 1 commit
  6. 24 Feb, 2018 2 commits
  7. 18 Apr, 2017 1 commit
  8. 14 Feb, 2017 1 commit
  9. 01 Mar, 2016 1 commit
  10. 09 Feb, 2016 1 commit
  11. 13 Dec, 2015 1 commit
  12. 24 Oct, 2015 1 commit
  13. 09 Oct, 2015 1 commit
  14. 04 Oct, 2015 2 commits
  15. 03 Oct, 2015 1 commit
  16. 26 Sep, 2015 1 commit
  17. 25 Sep, 2015 1 commit
  18. 12 Sep, 2015 1 commit
    • Mitigate JSONP callback vulnerabilities · 209b0b6e
      Lukas Fleischer authored

      The callback parameter of the RPC interface currently allows for
      specifying a prefix of arbitrary length of the returned result. This can
      be exploited by certain attacks.
      
      As a countermeasure, this patch restricts the allowed character set for
      the callback name to letters, digits, underscores, parentheses and dots.
      It also limits the length of the name to 128 characters. Furthermore,
      the reflected callback name is now always prepended with "/**/", which
      is a common workaround to protect against attacks such as Rosetta Flash.
      
      Fixes FS#46259.
      Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
  19. 11 Aug, 2015 1 commit
  20. 08 Aug, 2015 5 commits
  21. 04 Jul, 2015 1 commit
  22. 27 Jun, 2015 1 commit
  23. 14 Jun, 2015 1 commit
  24. 11 Jun, 2015 1 commit
  25. 09 Jun, 2015 1 commit
  26. 27 Dec, 2014 1 commit
  27. 24 Oct, 2014 1 commit
  28. 23 Jul, 2014 1 commit
  29. 25 Jun, 2014 1 commit
  30. 31 May, 2014 1 commit
  31. 18 May, 2014 1 commit
  32. 28 Apr, 2014 3 commits