Date: Wed, 6 Jul 2016 11:01:13 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: Gustavo Grieco <gustavo.grieco@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Browsing and attaching images considered harmful in Linux

Hi

On Mon, Jul 04, 2016 at 09:13:05PM +0200, Gustavo Grieco wrote:
> Fortunately, this issue is already solved in the last revision of
> librsvg2 (AFAIK, this issue has no CVE, so please MITRE assign one if
> suitable). Nevertheless, I reported such vulnerability to Mozilla more
> than a month ago hoping that they will disable the svg support in the
> open/attach widget. After some discussion, it was marked as WONTFIX.
> While I understand why, I still feel it can be productive to discuss
> this here.

If I correctly bisected with the reproducer, then the fix should be
around
https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022
(2.40.7). If anyone can confirm that would be great.

Regards,
Salvatore