[packages/ImageMagick] policy.xml changes to mitigate imagetragick
Elan Ruusamäe
glen at pld-linux.org
Thu May 26 20:52:42 CEST 2016
On 26.05.2016 19:38, Arkadiusz Miśkiewicz wrote:
> On Thursday 26 of May 2016, glen wrote:
>> >commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0
>> >Author: Elan Ruusamäe<glen at delfi.ee>
>> >Date: Thu May 26 17:43:23 2016 +0300
>> >
>> > policy.xml changes to mitigate imagetragick
>> >
>> > recommended config fromhttps://imagetragick.com/
> Isn't that just disabling specified formats which makes little sense as this
> version is supposed to have these extensions fixed?
>
as i see this, these are protocols or rarely used formats and making
default config secure (not allowing to load from network, etc). if
someone's system really needs them, they can modify local policy.xml to
enable these.
--
glen
More information about the pld-devel-en
mailing list