Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking (arstechnica.com)
Posted by BrikoX to Technology@lemmy.world • English • 1 year ago
@jjagaimo@lemmy.ca • 1 year ago
Directly probably not. It's more likely an implementation issue than a federation issue.
“Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location”
I doubt Lemmy and Mastodon share image parsing code.
@npmstart_pray@lemmy.fmhy.ml • 1 year ago
I’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)
BrikoX (OP) • 1 year ago
Lemmy has been in development since 2019. And Lemmy uses pict-rs for images.