BrikoX to TechnologyEnglish • 1 year agoMastodon fixes critical “TootRoot” vulnerability allowing node hijackingarstechnica.comexternal-linkmessage-square7fedilinkarrow-up1117arrow-down13cross-posted to: [email protected]mastodon[email protected][email protected][email protected][email protected]
arrow-up1114arrow-down1external-linkMastodon fixes critical “TootRoot” vulnerability allowing node hijackingarstechnica.comBrikoX to TechnologyEnglish • 1 year agomessage-square7fedilinkcross-posted to: [email protected]mastodon[email protected][email protected][email protected][email protected]
minus-square@[email protected]linkfedilinkEnglish7•edit-21 year agoDirectly probably not. Its more likely an implementation issue than a federation issue. “Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location" I doubt lemmy and mastodon share image parsing code
minus-square@[email protected]linkfedilinkEnglish0•1 year agoI’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)
minus-squareBrikoXOPlinkfedilinkEnglish6•1 year agoLemmy has been in development since 2019. And Lemmy uses pict-rs for images.
Directly probably not. Its more likely an implementation issue than a federation issue.
“Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location"
I doubt lemmy and mastodon share image parsing code
I’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)
Lemmy has been in development since 2019. And Lemmy uses pict-rs for images.