Skip to content

Fix bug allowing to execute arbitrary javascript in SVG files.#1251

Closed
noobpk wants to merge 1 commit intoeventum:masterfrom
noobpk:master
Closed

Fix bug allowing to execute arbitrary javascript in SVG files.#1251
noobpk wants to merge 1 commit intoeventum:masterfrom
noobpk:master

Conversation

@noobpk
Copy link
Copy Markdown
Contributor

@noobpk noobpk commented Nov 9, 2021
edited by glensc
Loading

@noobpk
Add CSP header
9866848 
Fix bug allowing to execute arbitrary javascript in SVG files.
Bug disclose: https://huntr.dev/bounties/253ebdad-a593-425a-bb91-20da8f3fbae9/
@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

@noobpk you should never create pull request from master branch. you will end up with various problems.

there's short guide how you should contribute:

ps: no need to do anything with this PR right now, just informing you.

@glensc glensc self-assigned this Nov 9, 2021
@glensc glensc added this to the 3.10.8 milestone Nov 9, 2021
@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

@noobpk can you add changelog entry?

@noobpk
Copy link
Copy Markdown
Contributor Author

noobpk commented Nov 9, 2021

@noobpk you should never create pull request from master branch. you will end up with various problems.

there's short guide how you should contribute:

ps: no need to do anything with this PR right now, just informing you.

Oh sorry, i will do it with the remaining issue. ^^

@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

@noobpk can you add changelog entry now?

as I don't know how to verify this, but the change looks okay, so I'll merge it.

once this is merged, you probably need to reset your fork like this (use "master" for "main"):

@noobpk
Copy link
Copy Markdown
Contributor Author

noobpk commented Nov 9, 2021

@noobpk can you add changelog entry now?

as I don't know how to verify this, but the change looks okay, so I'll merge it.

once this is merged, you probably need to reset your fork like this (use "master" for "main"):

How do I do to add changelog?

@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

How do I do to add changelog?

You add an entry to CHANGELOG.md under 3.10.8 section

@glensc glensc changed the title Add CSP header Fix bug allowing to execute arbitrary javascript in SVG files. Nov 9, 2021
@glensc glensc closed this in 1b86239 Nov 9, 2021
@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

Added changelog myself, and since you created your PR from the master branch, I had to merge this locally with the fixed changes.

glensc pushed a commit to glensc/eventum that referenced this pull request Nov 9, 2021
@noobpk @glensc
Fix bug allowing to execute arbitrary javascript in SVG files
d389319 
Add CSP header

Closes eventum#1251

Bug Disclosure: https://huntr.dev/bounties/253ebdad-a593-425a-bb91-20da8f3fbae9/
Signed-off-by: Elan Ruusamäe <glen@pld-linux.org>
@glensc glensc modified the milestones: 3.10.8, 3.10.7.1 Nov 9, 2021
@glensc
Copy link
Copy Markdown
Member

glensc commented Nov 9, 2021

This is released as 3.10.7.1:

glensc added a commit that referenced this pull request Nov 9, 2021
@glensc
Fix changelog for #1251
71daca2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@glensc glensc

Labels

None yet

Milestone

3.10.7.1

Development

Successfully merging this pull request may close these issues.

2 participants

@noobpk @glensc