pidgin/nest

Fix some issues found in review

20 months ago, Gary Kramlich
7571fe2f78df
Parents 60cb92d64448
Children a74b7c49795b
Fix some issues found in review
--- a/hugo/archetypes/cve.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/archetypes/cve.md Fri Jan 31 03:56:36 2020 -0600
@@ -1,13 +1,12 @@
---
title: {{ .Name }}
cveNumber:
-talkasReportId:
+talosReportId:
date: {{ .Date }}
summary:
discoveredBy:
fixedInRelease:
fixedInRevision:
-
draft: true
hidden: true
type: security
--- a/hugo/content/about/security/_index.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/_index.md Fri Jan 31 03:56:36 2020 -0600
@@ -17,7 +17,7 @@
## Reporting a Security-related Issue
If you believe you have discovered a security problem or vulnerability in
-Pidgin, libpurple, finch, or one of our related projects, please let us know
+Pidgin, libpurple, Finch, or one of our related projects, please let us know
by emailing [security@pidgin.im](mailto:security@pidgin.im).
In order to help us fix the problem as quickly as possible and with as little
@@ -31,7 +31,7 @@
tell us what you do know.
* A way to contact you or your organization.
-* The version of Pidgin, libpurple, finch, or other package in which the
+* The version of Pidgin, libpurple, Finch, or other package in which the
problem was discovered.
* A concise description of the problem, including a summary of why you believe
it is security-critical. This might be, for example, "Receipt of an invalid
--- a/hugo/content/about/security/advisories/cve-2004-0500-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0500-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -5,7 +5,6 @@
summary: MSN strncpy buffer overflow
discoveredBy: Sebastian Krahmer, SUSE Security Team
fixedInRelease: 0.82
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/cve-2004-0754-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0754-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,10 +3,9 @@
date: 2004-08-26T00:00:00.000Z
cveNumber: cve-2004-0754
summary: Groupware message receive integer overflow
-discoveredBy: Sean ("infamous42md\")
+discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
fixedInRevision:
-
hidden: true
type: security
layout: cve
--- a/hugo/content/about/security/advisories/cve-2004-0784-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0784-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -5,7 +5,6 @@
summary: Smiley theme installation lack of escaping
discoveredBy: A Gaim Crazy Patch Writer
fixedInRelease: 0.82
-
hidden: true
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/cve-2004-0785-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
cveNumber: cve-2004-0785
summary: URL decode buffer overflow
-discoveredBy: Sean ("infamous42md")
+discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/cve-2004-0785-01.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-01.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
cveNumber: cve-2004-0785
summary: Local hostname resolution buffer overflow
-discoveredBy: Sean ("infamous42md")
+discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
-
type: security
layout: cve
hidden: true
@@ -13,8 +12,8 @@
### Description
-Buffer overflow. If the local computers host name is not in /etc/hosts, and
-the computer performs a DNS query to obtain it's hostname when signing on to
+Buffer overflow. If the local computer's host name is not in /etc/hosts, and
+the computer performs a DNS query to obtain its hostname when signing on to
zephyr, it could receive a reply with a hostname greater than `MAXHOSTNAMELEN`
(generally 64 bytes). If `gethostbyname()` does not ensure the size of
`hostent->h_name` is less than `MAXHOSTNAMELEN`, this value would be copied to
--- a/hugo/content/about/security/advisories/cve-2004-0785-02.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2004-0785-02.md Fri Jan 31 03:56:36 2020 -0600
@@ -3,9 +3,8 @@
date: 2004-08-26T00:00:00.000Z
cveNumber: cve-2004-0785
summary: RTF message buffer overflow
-discoveredBy: Sean ("infamous42md")
+discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/cve-2016-2375-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2016-2375-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
discoveredBy: Yves Younan of Cisco Talos
fixedInRelease: 2.11.0
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/cve-2017-2640-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/cve-2017-2640-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: Out-of-bounds write when stripping xml
discoveredBy: Joseph Bisch
fixedInRelease: 2.12.0
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/independent-20040826-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20040826-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,9 +4,8 @@
cveNumber:
talosReportId:
summary: Content-length DOS (malloc error)
-discoveredBy: Sean ("infamous42md")
+discoveredBy: Sean (infamous42md)
fixedInRelease: 0.82
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/independent-20041019-00.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-00.md Fri Jan 31 03:56:36 2020 -0600
@@ -6,7 +6,6 @@
summary: MSN File transfer DOS (malloc error)
discoveredBy: Gaim
fixedInRelease: 1.0.2
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/independent-20041019-01.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-01.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,7 +4,6 @@
summary: MSN SLP DOS (malloc error)
discoveredBy: Gaim
fixedInRelease: 1.0.2
-
type: security
layout: cve
hidden: true
--- a/hugo/content/about/security/advisories/independent-20041019-02.md Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/content/about/security/advisories/independent-20041019-02.md Fri Jan 31 03:56:36 2020 -0600
@@ -4,7 +4,6 @@
summary: MSN SLP buffer overflow
discoveredBy: Gaim
fixedInRelease: 1.0.2
-
type: security
layout: cve
hidden: true
--- a/hugo/layouts/security/advisories.html Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/layouts/security/advisories.html Fri Jan 31 03:56:36 2020 -0600
@@ -3,13 +3,13 @@
{{ .Content }}
{{- range .Pages.GroupByDate "2006-01-02" -}}
- <h3>{{ .Key }}</h3>
+<h3>{{ .Key }}</h3>
{{- range .Pages -}}
- <h4><a href="{{ .Permalink }}">{{ .Summary }}</a></h4>
- <ul>
- {{- if .Param "cveNumber" }}<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></li>{{ end -}}
- {{- if .Param "talosReportId" }}<li><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" | upper }}">{{ .Param "talosReportId" | upper }}</a></li>{{ end -}}
- </ul>
+<h4><a href="{{ .RelPermalink }}">{{ .Param "summary" }}</a></h4>
+<ul>
+ {{- if .Param "cveNumber" }}<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></li>{{ end -}}
+ {{- if .Param "talosReportId" }}<li><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" | upper }}">{{ .Param "talosReportId" | upper }}</a></li>{{ end -}}
+</ul>
{{- end -}}
{{- end -}}
--- a/hugo/layouts/security/cve.html Sat Jan 18 10:32:21 2020 -0600
+++ b/hugo/layouts/security/cve.html Fri Jan 31 03:56:36 2020 -0600
@@ -1,43 +1,43 @@
{{ partial "header.html" . }}
{{- if and (eq (trim (.Param "cveNumber") " ") "") (eq (trim (.Param "talosReportId") " ") "") -}}
- <p><em><b>NOTE:</b></em> This issue was not reported to a security reporting body.</p>
+<p><em><b>NOTE:</b></em> This issue was not reported to a security reporting body.</p>
{{- end -}}
<table>
<tbody>
<tr>
- <td>Summary</td>
+ <th>Summary</th>
<td>{{ .Param "summary" }} </td>
</tr>
<tr>
- <td>Date</td>
+ <th>Date</th>
<td>{{ .Date.Format "2006-01-02" }}</td>
</tr>
-{{- if .Param "cveNumber" -}}
+ {{- if .Param "cveNumber" -}}
<tr>
- <td>CVE Number</td>
+ <th>CVE Number</th>
<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name={{ .Param "cveNumber" | upper }}">{{ .Param "cveNumber" | upper }}</a></td>
</td>
-{{- end -}}
-{{- if .Param "talosReportId" -}}
+ {{- end -}}
+ {{- if .Param "talosReportId" -}}
<tr>
- <td>Talos Report ID</td>
+ <th>Talos Report ID</th>
<td><a href="https://talosintelligence.com/vulnerability_reports/{{ .Param "talosReportId" }}">{{ .Param "talosReportId" | upper }}</a></td>
</tr>
-{{- end -}}
+ {{- end -}}
<tr>
- <td>Discovered By</td>
+ <th>Discovered By</th>
<td>{{ .Param "discoveredBy" }}</td>
</tr>
-{{- if .Param "fixedInRevision" -}}
+ {{- if .Param "fixedInRevision" -}}
<tr>
- <td>Fixed In Revision</td>
+ <th>Fixed In Revision</th>
<td>{{ .Param "fixedInRevision" }}</td>
</tr>
-{{- end -}}
+ {{- end -}}
<tr>
- <td>Fixed In Release</td>
+ <th>Fixed In Release</th>
<td>{{ .Param "fixedInRelease" }}</td>
</tr>
</tbody>
@@ -46,16 +46,16 @@
{{ .Content }}
<div class="item-nav">
-{{- with .PrevInSection -}}
+ {{- with .PrevInSection -}}
<div class="prev">
<a href="{{ .Permalink }}">Previous<br/>{{ .Param "summary" }}</a>
</div>
-{{- end -}}
-{{- with .NextInSection -}}
+ {{- end -}}
+ {{- with .NextInSection -}}
<div class="next">
<a href="{{ .Permalink }}">Next<br/>{{ .Param "summary" }}</a>
</div>
-{{- end -}}
+ {{- end -}}
</div>
{{ partial "footline.html" . }}