On Fri, 2016-06-03 at 17:25 +1000, Brian May wrote: > Ben Hutchings <firstname.lastname@example.org> writes: > > > [ Unknown signature status ] > > On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote: > > > Hello, > > > > > > Do we care about vulerabilities that are specific to HFS+? > > > > > > http://www.talosintel.com/reports/TALOS-2016-0093/ > > > CVE-2016-2334 > > > > If a program automatically detects file formats then every supported > > file format is part of its attack surface. I don't think we can rule > > out certain formats as too obscure. (See for example the recent > > attacks on ImageMagick/GraphicsMagick using a format that most people > > never heard of before. The fix there was to disable support for that > > format by default.) > > ... except we are not talking about file formats here, but different > file systems. [...] But those file systems do not have to be mounted. P7zip appears to handle disk images containing filesystems, just as if they are archive formats. Ben. -- Ben Hutchings Nothing is ever a complete failure; it can always serve as a bad example.
Description: This is a digitally signed message part