From: Simon McVittie
Date: Wed, 4 May 2016 07:52:40 +0000 (+0100)
Subject: img: force common Web formats to be interpreted according to extension
X-Git-Tag: debian/3.20141016.3~15
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/a42468aa22cf096f7ff3667affb160528f5dacde?ds=sidebyside;hp=a42468aa22cf096f7ff3667affb160528f5dacde

img: force common Web formats to be interpreted according to extension

A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.
---
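
The idea in the commit message above, sketched as an added example (not part of the commit and not ikiwiki's code): map the file extension to an ImageMagick coder and pass the input as `coder:filename`, which is ImageMagick's explicit format prefix, so the content is never used to pick a decoder. The leading-bytes check goes beyond what the commit message describes, and the names `CODER_BY_EXT`, `MAGIC` and `forced_input_spec` and the sample bytes are assumptions made for the example.

```python
import os

# Assumed allowlist for this example: extension -> ImageMagick coder name.
CODER_BY_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}

# Leading bytes each allowed format must start with.
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def forced_input_spec(filename, head):
    """Return (spec, None) if the file may be processed, else (None, reason).

    `head` is the first bytes of the upload. `spec` is 'coder:filename',
    which tells ImageMagick which decoder to use instead of letting it
    guess from the file content.
    """
    ext = os.path.splitext(filename)[1].lower()
    coder = CODER_BY_EXT.get(ext)
    if coder is None:
        return None, "extension %r is not an allowed Web image format" % ext
    # Extra check (not described in the commit message): the content must
    # also look like the format its extension claims.
    if not head.startswith(MAGIC[coder]):
        return None, "content does not match the %s signature" % coder
    return "%s:%s" % (coder, filename), None


# Constructed sample inputs: a JPEG header, and harmless SVG markup that
# an uploader has named attachment.jpg.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SVG_AS_JPG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'

if __name__ == "__main__":
    for name, head in [("photo.JPG", JPEG_HEAD),
                       ("attachment.jpg", SVG_AS_JPG),
                       ("drawing.svg", SVG_AS_JPG)]:
        print(name, "->", forced_input_spec(name, head))
```
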