GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 04-Jul-2024 01:33:51 JST Kevin Beaumont Kevin Beaumont

    I think CVE-2024-29510 (Ghostscript vuln) may apply to Mastodon, as Mastodon sends images to ImageMagick, which can call Ghostscript. But I might be wrong.

    In conversation about 7 months ago from cyberplace.social permalink
    • Embed this notice
      zl2tod (zl2tod@mastodon.online)'s status on Thursday, 04-Jul-2024 01:43:09 JST zl2tod zl2tod
      in reply to

      @GossiTheDog
      Does Ghostscript get used for any filetypes that Mastodon accepts?
      My mind links Ghostscript and PDFs.

      In conversation about 7 months ago permalink
    • Embed this notice
      Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 08-Jul-2024 01:59:19 JST Kevin Beaumont Kevin Beaumont
      in reply to

      If anybody is wondering, I went back and looked at CVE-2024-29510 - based on my amateur analysis, if you upgraded Mastodon in the past year, you aren’t vuln, as the ImageMagick config was hardened.

      In conversation about 7 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.