BrikoX to TechnologyEnglish • 2 years agoMastodon fixes critical “TootRoot” vulnerability allowing node hijackingarstechnica.comexternal-linkmessage-square7fedilinkarrow-up1117arrow-down13cross-posted to: [email protected]mastodon[email protected][email protected][email protected][email protected]
arrow-up1114arrow-down1external-linkMastodon fixes critical “TootRoot” vulnerability allowing node hijackingarstechnica.comBrikoX to TechnologyEnglish • 2 years agomessage-square7fedilinkcross-posted to: [email protected]mastodon[email protected][email protected][email protected][email protected]
minus-square@[email protected]linkfedilinkEnglish7•edit-22 years agoDirectly probably not. Its more likely an implementation issue than a federation issue. “Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location" I doubt lemmy and mastodon share image parsing code
minus-square@[email protected]linkfedilinkEnglish0•2 years agoI’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)
minus-squareBrikoXOPlinkfedilinkEnglish6•2 years agoLemmy has been in development since 2019. And Lemmy uses pict-rs for images.
Directly probably not. Its more likely an implementation issue than a federation issue.
“Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location"
I doubt lemmy and mastodon share image parsing code
I’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)
Lemmy has been in development since 2019. And Lemmy uses pict-rs for images.