From ed8074ab7617e7156ddfe83f66415fb20405f548 Mon Sep 17 00:00:00 2001 From: f Date: Mon, 23 Dec 2024 14:33:59 -0300 Subject: [PATCH 1/4] =?UTF-8?q?fix:=20cambio=20de=20llave=20p=C3=BAblica?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- public/.well-known/pgp.asc | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/public/.well-known/pgp.asc b/public/.well-known/pgp.asc index 83717c46..da7ba6fc 100644 --- a/public/.well-known/pgp.asc +++ b/public/.well-known/pgp.asc @@ -1,13 +1,13 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mDMEXuIuxxYJKwYBBAHaRw8BAQdAx7++TG7xSYPtEC7cALkX2bQkIsPdiPjA1NW6 -KyZIXjS0GFN1dHR5IDxzdXR0eUByaXNldXAubmV0PoiQBBMWCgA4FiEEODcdZeeQ -ThO24WEhhg0wFh4HfXEFAl7iLscCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA -CgkQhg0wFh4HfXHewQEA7PIVXSrXapCqz+bBypFHeowtiqi8PCJeaueeDWN7+1AB -AKerQ/C56DiSpwCdNDvlleuRlhk3TedStnZOZw83T4UDuDgEXuIuxxIKKwYBBAGX -VQEFAQEHQGl8Q/uPz3VwWPpAS6KJLZI27caqsgG416mSrbU54YQ1AwEIB4h4BBgW -CgAgFiEEODcdZeeQThO24WEhhg0wFh4HfXEFAl7iLscCGwwACgkQhg0wFh4HfXHM -CAEA5Lw718/jYN1DztG8/mGI3E7le19NSjdkc00p8VBESpcBAL4bNmVKqPZa14/D -eu2uHSY1XcLpdUjD+eq0KjGpG90M -=X71f +mDMEZ2mRdBYJKwYBBAHaRw8BAQdAv+efdxjE3mScSj9gE/aToTRM1a7BjhGJ3ZOF +frWMnYW0HVN1dHR5IENvb3AgPHN1dHR5QHJpc2V1cC5uZXQ+iJkEExYKAEEWIQRb +/QhO+qrWre3YhiVzWVgylXkBZQUCZ2mRdAIbAwUJBaOagAULCQgHAgIiAgYVCgkI +CwIEFgIDAQIeBwIXgAAKCRBzWVgylXkBZSRAAQD3l2jbDGPjXyDo2nfZ+/cBuy77 +dTFK4wzifDmeCr8MfwEAs1Qvh/4bHcPyjL8E07UZQfdA0BA9hdzDLSQoYRe2ZAm4 +OARnaZF0EgorBgEEAZdVAQUBAQdAiW4wq8MhDMM8Tw8JTOyuYUT7QCH5he4Fi37F +9+upXg0DAQgHiH4EGBYKACYWIQRb/QhO+qrWre3YhiVzWVgylXkBZQUCZ2mRdAIb +DAUJBaOagAAKCRBzWVgylXkBZSvDAP4kPEH+llMvjkAN68+ezBqrRwxbSzjlVziR +wB29o4OELwD/fZZfDan6PSiigXRwH0vImXSTaXCO0nk8sSfeQfhcpgY= +=njjL -----END PGP PUBLIC KEY BLOCK----- From 57f55a40375b6819c7ec5bc0932a3817e97038ad Mon Sep 17 00:00:00 2001 
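Review bot: In PATCH 1/4 the old certificate in `public/.well-known/pgp.asc` is removed outright and replaced, so a reporter who pinned the previous key finds nothing on the page that links it to the new one. The commit message ("cambio de llave pública") records neither the new fingerprint nor why the key changed. Adding a line such as `New fingerprint: <FINGERPRINT_PLACEHOLDER>` to the message, and publishing a transition statement signed by the old key if it is still under your control, would let the rotation be checked independently of the web origin. That matters because `security.txt` points `Encryption:` at what is presumably this same file on the same host, so the site alone vouches for both the key and the signatures made with it. The new key block also appears to carry an expiration time (inferred from the packet data, worth confirming with `gpg --show-keys`), so a renewal reminder belongs next to this file.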
From: f Date: Mon, 23 Dec 2024 14:34:12 -0300 Subject: [PATCH 2/4] feat: vincular a hall of fame --- public/.well-known/security.txt | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt index 1783385f..c0cf2200 100644 --- a/public/.well-known/security.txt +++ b/public/.well-known/security.txt @@ -5,12 +5,11 @@ Contact: sutty+security@riseup.net Encryption: https://panel.sutty.nl/.well-known/pgp.asc Preferred-Languages: es,en Canonical: https://panel.sutty.nl/.well-known/security.txt +Acknowledgments: https://panel.sutty.nl/.well-known/hall-of-fame.txt -----BEGIN PGP SIGNATURE----- -iNUEARYKAH0WIQQ4Nx1l55BOE7bhYSGGDTAWHgd9cQUCX7WQZV8UgAAAAAAuAChp -c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0Mzgz -NzFENjVFNzkwNEUxM0I2RTE2MTIxODYwRDMwMTYxRTA3N0Q3MQAKCRCGDTAWHgd9 -cTBjAP9CxBiGyhkGdtcv1uUUZEG2Oq3RdYjr6fGbVDQt7YidBQD/U4pyDz+dwkZZ -0+YAA9Hst0RqOwJpLh5yPGCVIdhGLgE= -=CxQY +iHUEARYKAB0WIQRb/QhO+qrWre3YhiVzWVgylXkBZQUCZ2mTkQAKCRBzWVgylXkB +ZYI7AP9rROT5tInVlfjt1sTIYpEqO7H6IVWt6gBC2YkcaS5mvgEA1tIi9FZ2vT4F +WTPg+c5FxXku+uggUQCYPhTeG8RWJwE= +=4vAv -----END PGP SIGNATURE----- From 3761c2ec6f2b7803a9b3dc5255aee78745f67776 Mon Sep 17 00:00:00 2001 From: f Date: Mon, 23 Dec 2024 14:42:46 -0300 Subject: [PATCH 3/4] feat: hall of fame #17959 --- public/.well-known/hall-of-fame.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 public/.well-known/hall-of-fame.txt diff --git a/public/.well-known/hall-of-fame.txt b/public/.well-known/hall-of-fame.txt new file mode 100644 index 00000000..f6ea5d4a --- /dev/null +++ b/public/.well-known/hall-of-fame.txt 
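Review bot: The `security.txt` re-signed in PATCH 2/4 still does not look like a valid RFC 9116 file: the `Contact:` value shown in the hunk header is a bare address rather than a URI, and no `Expires:` field appears among the context lines 5–7. RFC 9116 requires both, so strict parsers may ignore the contact or treat the file as stale. Since the signature has to be regenerated whenever the body changes, this commit is the cheapest place to fix it. I would change the line to `Contact: mailto:sutty+security@riseup.net` and add `Expires: <YYYY-MM-DDThh:mm:ssZ>` with a date less than a year out and no later than the signing key's own expiry, then re-sign. Lines 1–4 of the file sit outside the hunk, so confirm that `Expires:` is not already present there.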
@@ -0,0 +1,12 @@ +# === Hall of Fame === +# +# This is a list of very awesome and friendly hackers who have reported +# security issues in git-shortlog format. + +Parth Narula (3): + Hyperlink Injection https://0xacab.org/sutty/sutty/-/issues/17494 + Email Flooding Vulnerability https://0xacab.org/sutty/sutty/-/issues/17493 + Missing MTA-STS https://0xacab.org/sutty/sutty.nl/-/commit/e506a3f3fedb46979894f4d9dab665723d855a50 + +Sakil Hasan Saikat (1): + Exposed yarn.lock File Leading to Potential Information Disclosure https://0xacab.org/sutty/sutty/-/issues/18071 From 77086842216abe6c44c7452f833973c4ef628c01 Mon Sep 17 00:00:00 2001 From: f Date: Mon, 23 Dec 2024 14:43:51 -0300 Subject: [PATCH 4/4] fix: firma --- public/.well-known/hall-of-fame.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/public/.well-known/hall-of-fame.txt b/public/.well-known/hall-of-fame.txt index f6ea5d4a..6a40abe2 100644 --- a/public/.well-known/hall-of-fame.txt +++ b/public/.well-known/hall-of-fame.txt @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + # === Hall of Fame === # # This is a list of very awesome and friendly hackers who have reported @@ -10,3 +13,10 @@ Parth Narula (3): Sakil Hasan Saikat (1): Exposed yarn.lock File Leading to Potential Information Disclosure https://0xacab.org/sutty/sutty/-/issues/18071 +-----BEGIN PGP SIGNATURE----- + +iHUEARYKAB0WIQRb/QhO+qrWre3YhiVzWVgylXkBZQUCZ2mhQAAKCRBzWVgylXkB +ZQSAAP449kcjD8wD97UifD98xwXxxiOINwuu7congn4haEuFIgEA8Xz+qLBHU2g2 +ybXZP+lER0kV2dVexCDrbWbVT8kPJA4= +=PEVU +-----END PGP SIGNATURE-----
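Review bot: Every entry in the new `hall-of-fame.txt` (PATCH 3/4) links straight to the tracker issue or commit for the finding, and nothing in the patch shows whether those issues are closed and meant to be public. Before this is served, check that each linked report is fixed and that its visibility is intentional; an entry whose fix is still pending could be listed by name only, with the link added afterwards. The header comment could state that rule, e.g. `# Entries are added only after the issue is fixed and made public.` The file is also created unsigned here and only clearsigned in PATCH 4/4, after `security.txt` already advertises it in PATCH 2/4, so squashing 3/4 and 4/4 avoids deploying an unsigned revision.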
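Review bot: Nothing in the series checks that the signature appended in the second hunk of PATCH 4/4 verifies against the key published in PATCH 1/4. From now on any edit to `hall-of-fame.txt`, whether a new acknowledgment or a whitespace fix, invalidates the clearsign block until someone holding the private key re-signs it, and the same holds for `security.txt` from PATCH 2/4. A CI step that imports `public/.well-known/pgp.asc` into a scratch keyring and runs `gpg --verify` on both files would catch a stale or mismatched signature before it is published. A comment at the top of each signed body, `# Signed file: re-sign after every change`, would warn the next editor.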