|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
(A)social
|
|
February 14, 2018, 08:58:20 AM |
|
Aggiungo: https://bitmessage.org/wiki/Main_Page" A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected. We will release binary files for Windows and macOS tomorrow (2018-02-14). In the mean time, users who use binaries should downgrade to 0.6.1 using the links below.
Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.
We greatly apologize for the issue and we hope to release more information as it becomes available. "
|
|
|
|
cinziamonforte66
Newbie
Offline
Activity: 18
Merit: 0
|
|
February 19, 2018, 11:10:24 AM |
|
spero che la vulnerabilita venga fixata, peccato era un progetto davvero utile ed interessante
|
|
|
|
blockaudit
Jr. Member
Offline
Activity: 34
Merit: 2
Helping the blockchain world build secure++ stuff!
|
|
April 03, 2018, 06:38:19 PM |
|
(Apologies for the EN) - classBase = eval(data[""] + "." + data[""].title()) - except NameError: - logger.error("Don't know how to handle message type: \"%s\"", data[""]) + m = import_module("messagetypes." + data[""]) + classBase = getattr(m, data[""].title()) + except (NameError, ImportError): + logger.error("Don't know how to handle message type: \"%s\"", data[""], exc_info=True)
Yes, eval() is quite dangerous to use in almost any context other than on static, internal data. Definitely not safe to use on anything tainted by user input. Looking at their security tagged issues, Firejail looks like a good step in the direction in general for sandboxing interactions: https://github.com/Bitmessage/PyBitmessage/labels/security
|
https://www.blockaudit.org
|
|
|
domenico.56
Newbie
Offline
Activity: 9
Merit: 0
|
|
April 27, 2018, 01:17:19 PM |
|
è ancora valido come sistema?Leggevo di un bug di sicurezza sapete se è stato fixato?
|
|
|
|
HostFat (OP)
Moderator
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
April 28, 2018, 03:07:40 AM |
|
Si, è stato sistemato. Assicurati di usare l'ultima versione.
|
|
|
|
domenico.56
Newbie
Offline
Activity: 9
Merit: 0
|
|
April 28, 2018, 01:15:57 PM |
|
Grazie x l'informazione buono a sapersi...Utilizzerò l'ultima versione!
|
|
|
|
klgeroghei
Newbie
Offline
Activity: 34
Merit: 0
|
|
July 26, 2018, 07:37:42 AM |
|
Sento che Bitmessage è bello perché usa le prove di lavoro di tipo bitcoin per i messaggi, ma piuttosto ha sostituito le gerarchie di posta elettronica. Very cool!
|
|
|
|
international.off
Member
Offline
Activity: 383
Merit: 16
|
|
July 26, 2018, 02:35:38 PM |
|
Qualcuno ha il link della ultima release?
|
|
|
|
HostFat (OP)
Moderator
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
July 26, 2018, 05:24:17 PM |
|
|
|
|
|
|
|
bitcoin-shark
|
|
May 10, 2019, 07:38:33 PM |
|
quindi il sistema e ancora valido? il bug e stato risolto? lo voglio provare,link per scaricare versione android?...
|
|
|
|
HostFat (OP)
Moderator
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
May 11, 2019, 03:56:26 AM |
|
Bug sono stati risolti, ma la versione android non credo che funzioni e/o sia mantenuta.
|
|
|
|
|