[packages/ImageMagick] policy.xml changes to mitigate imagetragick
Arkadiusz Miśkiewicz
arekm at maven.pl
Thu May 26 20:58:37 CEST 2016
On Thursday 26 of May 2016, Elan Ruusamäe wrote:
> On 26.05.2016 19:38, Arkadiusz Miśkiewicz wrote:
> > On Thursday 26 of May 2016, glen wrote:
> >> >commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0
> >> >Author: Elan Ruusamäe<glen at delfi.ee>
> >> >Date: Thu May 26 17:43:23 2016 +0300
> >> >
> >> > policy.xml changes to mitigate imagetragick
> >> >
> >> > recommended config fromhttps://imagetragick.com/
> >
> > Isn't that just disabling specified formats which makes little sense as
> > this version is supposed to have these extensions fixed?
>
> as i see this, these are protocols or rarely used formats and making
> default config secure (not allowing to load from network, etc). if
> someone's system really needs them, they can modify local policy.xml to
> enable these.
Ok (just commit message is misleading)
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the pld-devel-en
mailing list