要点是这一段
We recommend (but do not require) that all users take this time to
change their passwords, update their security questions/answers and
review their other account information.
个人感觉跟 Evernote 的情况差不多,及时改密码就行
---------- Forwarded message ----------
From: Robyn Bergeron <rbergero(a)redhat.com>
Date: 2013/5/10
Subject: fedoraproject.org Account System (FAS) security issue.
To: announce(a)lists.fedoraproject.org
Greetings.
A bug has been discovered in the Fedora Account system that could have
exposed some sensitive information to logged in users.
The bug is around the group view function of the account system.
The bug has been present since 2008.
In order to view the private data, a attacker would have to:
* login to the account system with a valid FAS account.
* Go to a group with unapproved members
* manipulate the URL to get a json version of the unapproved members
list.
The information exposed could include the following from unapproved
members of a group:
* salted sha512 encrypted password
* security questions (plaintext)
* security answers, however they would be gpg encrypted.
* Possibly other account data that was marked 'private' if the user had
privacy set.
A hotfix for this bug has been made in our infrastructure,
and a upstream release with the fix is expected later today.
Review of logs has shown no cases where this bug was used in our
production account system, however our staging version was also
vulnerable and we are unable to confirm the information was not
accessed there. Moving forward, additional logging will be added to our
staging infrastructure.
We recommend (but do not require) that all users take this time to
change their passwords, update their security questions/answers and
review their other account information.
-Robyn Bergeron
--
announce mailing list
announce(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
--
Have a nice day!
Zhenbo Li
Hi all,
The IRC meeting minutes tonight are available at the link [1]. Thanks
everyone for attending the meeting.
In the meeting we mainly talked about FUDCon APAC 2014 bid tasks, and
FPWiki Zh page updates. Please review the proposed ideas and actions.
The next IRC meeting will be held on next Friday (2013-05-10). Please
come and join the discussion if you can!
[1]:
http://meetbot.fedoraproject.org/fedora-zh/2013-05-03/fedora-zh.2013-05-0...
==================
#fedora-zh Meeting
==================
Meeting started by alick at 13:14:16 UTC. The full logs are available at
http://meetbot.fedoraproject.org/fedora-zh/2013-05-03/fedora-zh.2013-05-0...
.
Meeting summary
---------------
* 点名 (alick, 13:14:46)
* FUDCON APAC 2014 举办申请 (alick, 13:17:24)
* ACTION: alick acquire info about possible host place (alick,
13:34:51)
* ACTION: dongfengweixiao acquire info about CAS as host (alick,
13:35:07)
* ACTION: endle 汇总一下之前IRC中的场地信息,并发到邮件列表中 (endle,
13:45:20)
* FPWiki Zh 页面的整理更新 (alick, 13:47:57)
* LINK: https://fedoraproject.org/wiki/FZUGCommunicate (alick,
13:48:58)
* LINK:
http://meetbot.fedoraproject.org/fedora-zh/2013-04-26/fedora-zh.2013-04-2...
(alick, 13:51:45)
* LINK: https://fedoraproject.org/wiki/Talk:FZUGCommunicate (alick,
13:52:05)
* IDEA: 个人认为,wiki 在刚接触 fedora 的人看来,是最权威的信息。所
以,经由 wiki
推荐的页面,也应当以宁缺毋滥为原则 (endle, 13:55:17)
* ACTION: endle 清理FZUGCommunicate的死链 (endle, 13:59:36)
* LINK: http://planet.fedora-zh.org (endle, 14:00:52)
Meeting ended at 14:13:27 UTC.
Action Items
------------
* alick acquire info about possible host place
* dongfengweixiao acquire info about CAS as host
* endle 汇总一下之前IRC中的场地信息,并发到邮件列表中
* endle 清理FZUGCommunicate的死链
Action Items, by person
-----------------------
* alick
* alick acquire info about possible host place
* dongfengweixiao
* dongfengweixiao acquire info about CAS as host
* endle
* endle 汇总一下之前IRC中的场地信息,并发到邮件列表中
* endle 清理FZUGCommunicate的死链
* **UNASSIGNED**
* (none)
People Present (lines said)
---------------------------
* alick (68)
* endle (36)
* dongfengweixiao (31)
* zodbot (8)
* BadGirl (6)
* amos (6)
* Robin_cheese_Lee (5)
* zsun_symbian (1)
* microcai (1)
* CyrusYzGTt (0)
* gfrog (0)
* tiansworld1 (0)
* biergaizi (0)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`: http://wiki.debian.org/MeetBot
--
Alick
Fedora 18 (Spherical Cow) user
https://fedoraproject.org/wiki/User:Alick
