]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
projects / git.ikiwiki.info.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from: a42468a)
img: force common Web formats to be interpreted according to extension
authorSimon McVittie <smcv@debian.org>
Wed, 4 May 2016 07:52:40 +0000 (08:52 +0100)
committerSimon McVittie <smcv@debian.org>
Thu, 5 May 2016 22:44:31 +0000 (23:44 +0100)
A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.


No differences found
Unnamed repository; edit this file 'description' to name the repository.