From: Simon McVittie
Date: Wed, 4 May 2016 07:52:40 +0000 (+0100)
Subject: img: force common Web formats to be interpreted according to extension
X-Git-Tag: 3.20160506~9
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/54a9f8d07de3bf853a74c34ca98bcb3ec9bc8ac7?ds=sidebyside;hp=54a9f8d07de3bf853a74c34ca98bcb3ec9bc8ac7

img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.
---
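
The idea in the commit message above, as an added Python example that is not ikiwiki's code (the commit's own diff is not shown on this page). It builds an ImageMagick `coder:filename` input so the decoder is picked from the extension and never from the file content. The extension table, the function names and the extra magic-byte check are assumptions of this example.

```python
import os

# Extension -> ImageMagick coder prefix. This table is an assumption of the
# example; the commit message only says "common Web formats".
FORCED_CODER = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}

# Leading bytes that identify each of those formats.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def forced_input_spec(filename):
    """Return 'coder:filename' so the decoder is chosen by extension,
    never by sniffing the content. None means: do not process the file."""
    ext = os.path.splitext(filename)[1].lower()
    coder = FORCED_CODER.get(ext)
    if coder is None:
        return None
    return f"{coder}:{filename}"


def content_matches_extension(filename, head):
    """Extra check (not described in the commit message): refuse files whose
    first bytes do not belong to the format their extension claims."""
    spec = forced_input_spec(filename)
    if spec is None:
        return False
    coder = spec.split(":", 1)[0]
    return head.startswith(MAGIC[coder])


# Constructed sample inputs (not taken from the page).
SVG_AS_JPG = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"/>'
REAL_PNG_HEAD = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"

if __name__ == "__main__":
    for name, head in (("attachment.jpg", SVG_AS_JPG), ("photo.png", REAL_PNG_HEAD)):
        # The SVG named attachment.jpg is pinned to the JPEG decoder and
        # additionally fails the magic-byte check.
        print(name, forced_input_spec(name), content_matches_extension(name, head))
```

With the forced prefix, a file that passes an extension-only allowed_attachments rule is handed to the decoder for that extension, so an SVG named attachment.jpg is never parsed as SVG.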