Escaping Docker container using
waitid() – CVE-2017-5123 (twistlock.com)
Not new at all but was new to me, and was well worth my time: DEFCON 19: Bit-squatting: DNS Hijacking Without Exploitation (w speaker)
Only somewhat related: https://www.pytosquatting.org/
Here's what upstream has to say about the new release 2.9.6. Enjoy :)
Expat 2.2.4 has recently been released. It features one major bugfix regarding files encoded as UTF-8, and improvements to the build system. If you are using a more ancient version of Visual Studio like 2012, please check the post-2.2.4 commits in Git for related fixes to compilation. Also, founding of Rhodri's work on Expat by the Core Infrastructure Initiative is coming to an end. If you can fund additional developers for work on Expat — including smooth integration of by-default protection against billion laughs denial-of-service attacks — please get in touch.
- Short version: Openmailbox “upgrade”: outages, broken app, paywalled or removed features https://news.ycombinator.com/item?id=14935004
- Longer version: Openmailbox 2.0: new owner, outages, brokenness, paywalled and removed features http://phoe-krk.tumblr.com/post/163837468388/openmailbox-20-new-owner-outages-brokenness
Update: I moved to disroot.org now.
Just a quick note that Expat 2.2.3 has been released. For Windows users, it
fixes DLL hijacking
Linux, extracting entropy for Hash DoS protection no longer blocks, which
affected D-Bus and systems that are low on entropy early in the boot process.
For more details, please check the
(This article first appeared on XML.com.)
Windows binaries compiled with
_UNICODE now use proper entropy for seeding
the SipHash algorithm. On Unix-like platforms,
accidentally missing out on high quality entropy sources is now prevented from
going unnoticed: It would happen when some other build system than the
configure script was used, e.g. the shipped CMake one or when the source code
was copied into some parent project's build system without paying attention to
the new compile flags (that the configure script would auto-detect for you).
After some struggle with a decision about
C99, Expat requires a C99 compiler now;
18 years after its definition, that's a defendable move. The
ULL integer literals (
unsigned long long) for SipHash made us move.
Expat would like to thank the community for the bug reports and patches that went into Expat 2.2.2. If you maintain a bundled copy of Expat somewhere, please make sure it gets updated.
Sebastian Pipping for the Expat development team