{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":795512,"defaultBranch":"master","name":"dotconf","ownerLogin":"williamh","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2010-07-24T19:43:28.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/64355?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1712677519.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"7c3e0515c29efce45de6aae29befb2ab4396bd60","ref":"refs/heads/1.4.x","pushedAt":"2024-04-09T15:44:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"williamh","name":"William Hubbs","path":"/williamh","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64355?s=80&v=4"},"commit":{"message":"version 1.4.1","shortMessageHtmlLink":"version 1.4.1"}},{"before":"9eccb04744da52898e4b59b54fe1e36934a164b7","after":"ed5c5a1707ed55b45904f875f6b25ce9076f4fa6","ref":"refs/heads/master","pushedAt":"2024-04-09T12:52:56.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"williamh","name":"William Hubbs","path":"/williamh","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64355?s=80&v=4"},"commit":{"message":"fix unused warning","shortMessageHtmlLink":"fix unused warning"}},{"before":"ced5b7e629142dd028acee11f55494c667a4ad49","after":"9eccb04744da52898e4b59b54fe1e36934a164b7","ref":"refs/heads/master","pushedAt":"2024-04-05T20:54:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"williamh","name":"William Hubbs","path":"/williamh","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64355?s=80&v=4"},"commit":{"message":"version 1.4","shortMessageHtmlLink":"version 1.4"}},{"before":"651d87f20fa647139b8f969577d0391266d53288","after":"ced5b7e629142dd028acee11f55494c667a4ad49","ref":"refs/heads/master","pushedAt":"2024-04-05T20:11:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"williamh","name":"William 
Hubbs","path":"/williamh","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/64355?s=80&v=4"},"commit":{"message":"bug fixes\n\nThis fixes a security vulnerability as well as three other bugs.\n\nThe potential vulnerability lies on lines 280 to 314 of dotconf.c,\nwherein the \"dotconf_get_next_line\" function does not use the provided\nbufsize parameter. This can lead to an overflowing write of the\nprovided buffer when a line that contains an escape at the end is read\nand is followed by a large following line. While most applications of\ndotconf seem to trust the configuration file in question, this is a\ndirect buffer overflow which could be used to gain arbitrary code\nexecution. If nothing else, it is certainly a bug.\n\nThe additional three other related but not security-\nrelevant bugs are in lines 259 to 278 in the function\n\"dotconf_continue_line\". Namely:\n1. a line containing only an escape character followed by a newline or\nfollowed by a carriage return + newline leads to a non-exploitable one\nor two byte buffer underflow read, respectively\n2. a line containing a carriage return + newline leads to a single byte\nbuffer underflow read\n3. a line of any length ending with an escape followed by a carriage\nreturn + newline leads to a miscomputation of the line offset, leading\nto the escape character being retained\n\nI would like to thank Addison Crump for the\nfixes.","shortMessageHtmlLink":"bug fixes"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAELCwrowA","startCursor":null,"endCursor":null}},"title":"Activity · williamh/dotconf"}