From nectar at FreeBSD.org Sat Apr 17 09:11:03 2004 From: nectar at FreeBSD.org (Jacques A. Vidrine) Date: Sat Apr 17 09:11:57 2004 Subject: test message 1 Message-ID: <20040417161101.GA6138@madman.celabo.org> sent to vuxml@freebsd.org -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From nectar at FreeBSD.org Sat Apr 17 09:11:24 2004 From: nectar at FreeBSD.org (Jacques A. Vidrine) Date: Sat Apr 17 09:11:57 2004 Subject: test message 2 Message-ID: <20040417161123.GB6138@madman.celabo.org> sent to freebsd-vuxml@ -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org From listsucker at ipv5.net Tue Apr 20 06:53:56 2004 From: listsucker at ipv5.net (Frankye - ML) Date: Tue Apr 20 06:54:16 2004 Subject: [vuxml entry] phpBB 2.0.8a ip spoofing Message-ID: <20040420155211.6fad1eb0@godzilla> (cc-ed to the port maintainer) Hi everyone on the list and Mr. Liu An Ip spoofing issue was just posted on bugtraq. The issue seems trivial, but if anyone can spoof his ip address forging a browser header maybe an installation which make heavy use of ip based acls can suffer a lot. For what I understand you could easily spoof yourself as 127.0.0.1 ... An unofficial patch was published on bugtraq too, and is available in the message (http://marc.theaimsgroup.com/?l=bugtraq&m=108241122908409) and online (http://www.nettwerked.co.uk/code/phpbb-ipspoof.patch) Attached is the vuxml snippet for this issue. Frankye ps: To Mr. Liu: if you're not following the whole vuxml thing and you're wondering what this is all about there's some info there (http://lists.freebsd.org/pipermail/freebsd-security/2004-April/001859.ht ml) -------------- next part -------------- A non-text attachment was scrubbed... Name: phpbb20040420.xml.snippet Type: application/octet-stream Size: 757 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20040420/e9717a09/phpbb20040420.xml.obj From liukang at bjpu.edu.cn Tue Apr 20 09:59:55 2004 From: liukang at bjpu.edu.cn (Kang Liu) Date: Tue Apr 20 10:00:37 2004 Subject: [vuxml entry] phpBB 2.0.8a ip spoofing In-Reply-To: <282468679.17872@bjpu.edu.cn> Message-ID: <282479830.17835@bjpu.edu.cn> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thank you very much for informing me of this problem. I've read it from bugtraq and tested it on my own computer. I think the IP spoof vulnerability can be confirmed. But as you said, this vulnerability only affect the boards which use IP based ACL, By default, there is no IP based ACL unless the board manager create it. I do not mean this problem can be ignored, Further more, there might be another problem which may lead to DoS. I'm trying to contact with the founder to confirm the potential vulnerability, After that I will send a PR as soon as I can. Regards, Liu Kang -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQIVWvNCgh1up3pM4EQIVAwCcDcRZ/hcnQ8RTAn5Lp5lSTAneQeoAoPw4 o4dR7Gh1fo36pP+hWSsVjf3w =Fmto -----END PGP SIGNATURE----- From mi+mx at aldan.algebra.com Tue Apr 20 14:26:12 2004 From: mi+mx at aldan.algebra.com (Mikhail Teterin) Date: Tue Apr 20 14:30:00 2004 Subject: KNewsTicker and the VuXML RSS feed Message-ID: <200404201725.59379@misha-mx.virtual-estates.net> Hello! Was anyone able to add the http://www.vuxml.org/freebsd/rss.xml to their KNewsTicker? Mine just says: "no articles available". Does KNT expect an earlier format of the RSS or is there something else I'm missing? Thanks! -mi From listsucker at ipv5.net Tue Apr 20 15:02:17 2004 From: listsucker at ipv5.net (Frankye - ML) Date: Tue Apr 20 15:02:29 2004 Subject: KNewsTicker and the VuXML RSS feed In-Reply-To: <200404201725.59379@misha-mx.virtual-estates.net> References: <200404201725.59379@misha-mx.virtual-estates.net> Message-ID: <20040421000035.62afcd17@godzilla> On Tue, 20 Apr 2004 17:25:59 -0400 Mikhail Teterin wrote: | Hello! | | Was anyone able to add the http://www.vuxml.org/freebsd/rss.xml | to their KNewsTicker? yes, works as a charm. I'm using the rss-reader extension for the phoe^Wfirebir^Wfirefox browser, the liferea rss reader parses it equally well (it's in the ports). | Mine just says: "no articles available". Does KNT expect an earlier | format of the RSS or is there something else I'm missing? Thanks! Some googling reveals that, as of 21:17 UTC on Apr 20, 2004, the kdenetwork module has "Initial, incomplete, RSS 2.0 support"[1], may that be the problem? Frankye [1] http://cia.navi.cx/stats/author/raabe/.message/876802 From listsucker at ipv5.net Tue Apr 20 18:32:42 2004 From: listsucker at ipv5.net (Frankye - ML) Date: Tue Apr 20 18:32:58 2004 Subject: the feed appears to be "invalid" (was: Re: KNewsTicker and the VuXML RSS feed) In-Reply-To: <200404201725.59379@misha-mx.virtual-estates.net> References: <200404201725.59379@misha-mx.virtual-estates.net> Message-ID: <20040421032820.3854bd61@godzilla> Hi everyone FWIW, I've tried to validate[1] the vuxml rss feed, and the result was that is not in RFC-822 format. According to the rfc[2] the correct value for UTC is... UT Frankye [1] http://feedvalidator.org/ http://rss.scripting.com/ [2] "Standard for the Format of ARPA Internet Text Messages" section 5 http://www.sendmail.org/rfc/0822.html#5 From nectar at FreeBSD.org Wed Apr 21 04:52:28 2004 From: nectar at FreeBSD.org (Jacques A. Vidrine) Date: Wed Apr 21 04:58:05 2004 Subject: the feed appears to be "invalid" (was: Re: KNewsTicker and the VuXML RSS feed) In-Reply-To: <20040421032820.3854bd61@godzilla> References: <200404201725.59379@misha-mx.virtual-estates.net> <20040421032820.3854bd61@godzilla> Message-ID: <20040421103813.GB19492@lum.celabo.org> On Wed, Apr 21, 2004 at 03:28:20AM +0200, Frankye - ML wrote: > Hi everyone > > FWIW, I've tried to validate[1] the vuxml rss feed, and the result was > that is not in RFC-822 format. > According to the rfc[2] the correct value for UTC is... UT > > Frankye > > [1] http://feedvalidator.org/ > http://rss.scripting.com/ > [2] "Standard for the Format of ARPA Internet Text Messages" section 5 > http://www.sendmail.org/rfc/0822.html#5 Thanks, Frankye! I've corrected the timezone string to be `+0000' rather than `UTC'. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org