Comment 39 for bug 1415087
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Format-guessing and file disclosure in image convert | #39 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
Bastian: the security fix will likely be a workaround -- that doesn't prevent the issue from being fully fixed in a future version (by tracking format appropriately). Agree that this is taking way too long.
@Cinder-coresec: please review proposed patch
@Nova-coresec: please propose patch to cover for the case @ comment #10
We'll get a CVE based on the impact description at comment #20 for you to include in your public disclosure.