• @jjagaimo@lemmy.ca
      link
      fedilink
      English
      7
      edit-2
      1 year ago

      Directly probably not. Its more likely an implementation issue than a federation issue.

      “Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location"

      I doubt lemmy and mastodon share image parsing code

      • @npmstart_pray@lemmy.fmhy.ml
        link
        fedilink
        English
        01 year ago

        I’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)

        • BrikoXOP
          link
          fedilink
          English
          61 year ago

          Lemmy has been in development since 2019. And Lemmy uses pict-rs for images.

    • wagesj45
      link
      fedilink
      51 year ago

      This bug was a result of the way that Mastodon handled file uploads. Because of the way that Mastodon attempted to figure out what kind of file that a user uploaded, it was possible to create a very specific type of multimedia file that would, when analyzed by the server, trick the server into executing its contents like code rather than an image or movie file. Unless Lemmy processes files the same way, Lemmy should be unaffected.

    • rehendix
      link
      fedilink
      11 year ago

      Nope, other than the use of the ActivityPub standard to communicate information, Mastodon and Lemmy are entirely separate pieces of software. Whether Lemmy, Kbin and similar also have vulnerabilities that would allow for a similar exploit are dependent on how they’ve been designed.