git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit

]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commit

projects / git.ikiwiki.info.git / commit

author	Simon McVittie <smcv@debian.org>
	Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)
committer	Simon McVittie <smcv@debian.org>
	Thu, 5 May 2016 22:44:31 +0000 (23:44 +0100)
commit	a42468aa22cf096f7ff3667affb160528f5dacde
tree	87006a418d1a3bdbf2c35f08c00ed7c93c37c03f	tree \| snapshot
parent	3a72fd87c7214a508b67ac8dc3567a427240c9c8	commit \| diff

img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.

IkiWiki/Plugin/img.pm

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom