Date: Wed, 6 Jul 2016 11:01:13 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Gustavo Grieco <gustavo.grieco@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Browsing and attaching images considered harmful in Linux

Hi

On Mon, Jul 04, 2016 at 09:13:05PM +0200, Gustavo Grieco wrote:
> Fortunately, this issue is already solved in the last revision of
> librsvg2 (AFAIK, this issue has no CVE, so please MITRE assign one if
> suitable). Nevertheless, I reported such vulnerability to Mozilla more
> than a month ago hoping that they will disable the svg support in the
> open/attach widget. After some discussion, it was marked as WONTFIX.
> While i understand why, i still feel it can be productive to discuss
> this here.

If I correctly bisected with the reproducer, then the fix should be
around
https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022
(2.40.7).

If anyone can confirm that would be great.

Regards,
Salvatore