git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit

]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit

projects / git.ikiwiki.info.git / commit

author	Simon McVittie <smcv@debian.org>
	Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)
committer	Simon McVittie <smcv@debian.org>
	Thu, 5 May 2016 22:43:50 +0000 (23:43 +0100)
commit	54a9f8d07de3bf853a74c34ca98bcb3ec9bc8ac7
tree	238e380782fd1f15f4ef0ee408e6c934a80ae08e	tree \| snapshot
parent	32ef584dc5abb6ddb9f794f94ea0b2934967bba7	commit \| diff

img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.

IkiWiki/Plugin/img.pm

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom