Date: Wed, 6 Jul 2016 11:01:13 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Gustavo Grieco <gustavo.grieco@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Browsing and attaching images considered harmful in Linux

Hi

On Mon, Jul 04, 2016 at 09:13:05PM +0200, Gustavo Grieco wrote:
> Fortunately, this issue is already solved in the last revision of
> librsvg2 (AFAIK, this issue has no CVE, so please MITRE assign one if
> suitable). Nevertheless, I reported such vulnerability to Mozilla more
> than a month ago hoping that they will disable the svg support in the
> open/attach widget. After some discussion, it was marked as WONTFIX.
> While I understand why, I still feel it can be productive to discuss
> this here.

If I correctly bisected with the reproducer, then the fix should be
around
https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022
(2.40.7).

If anyone can confirm, that would be great.

Regards,
Salvatore
