I’ve just made an
advisory
about CVE-2013-1436. It was quite interesting to discover and
exploit. A
patch
with a fix is already available. If you use xmonad along with
xmobar or dzen, you should patch and re-compile your xmonad
binary as soon as posible, or you’ll be exposed to a remote command
injection vulnerability.
Unlike few years ago, current
nouevau drivers work like a
charm. The only major feature I was missing was the ability to control the
fans because by default they’re very noisy, and for me silence is a
feature. Fortunately, as Christmas gift one of the last
commits
of 2012 introduced this functionality.
Two days ago I was playing with ikiwiki’s
login methods and its templates. After that came the turn of the
comments plugin and its input
fields. Almost accidentaly, I discovered that the contents of
comment’s author input field weren’t correctly sanitized, having as a
consequence a
stored XSS.