-
Users can overwrite arbitrary files if PrintData or PrintStats is invoked and fs.protected_symlinks is 0
Reproducer:
As user:
```
johannes@linux-v0tl:~> ls -lah /passwd
-rw-r--r-- 1 root root…
```
-
The existing USN website acts as the source for the USN database. I'm not sure of all the files that it serves up, but here are some examples:
https://usn.ubuntu.com/usn-db/database-all.pickle.bz2
ht…
-
The FCOS stream design (#22, #72) has two elements that affect the kernel:
- When there's a kernel fix that requires an out-of-cycle FCOS release, it may be desirable to backport the fix to kernels…
-
### Submission type
[x] Bug report
### systemd version the issue has been seen with
systemd 229 …
-
Hi
I am analysing a tool as part of a bug bounty program and I have ended up analysing a horrible DB2 driver (version 9.7.0.11). The report shows a lot of false positives. Looks like it is ignoring t…
-
## Summary
When uploading a new release to NuGet.org, the package author should be able to choose to indicate whether the new version contains security fixes and which versions are affected.
## …
-
### Description
In #2916 we removed our logic that lowercased attribute names. This caused one regression: any attribute getter using a name for boolean attributes but not all lowercased is going in…
-
I'm pretty new to the community, so I don't know if this was brought up in the past....
GitHub doesn't parse P6 pod and [shows errors](https://github.com/perl6/doc/blob/master/doc/Type/IO/Socket/INET…
-
Hi!
I was wondering if you have plans to use giflib's save/writer to create a gifsaver in libvips. I've had a look through and it seems like it may be possible, but I don't know if there are any ma…
-
## Description
Pretty unfair that you're recommending Firefox and not Waterfox. Especially since FF has recently banned free speech extensions from its repo. Twitter censors everyone, so we have Gab.…