On Fri, 2016-12-16 at 16:22 -0600, Michael Catanzaro wrote: > On Fri, 2016-12-16 at 12:18 -0500, Matthew Miller wrote: > > Can someone confirm that this update at least mitigates the issue > > highlighted in the blog? > > The blog post indicates that it also targets the totem thumbnailer and > totem itself, so no, improving tracker is not sufficient here. Doesn't it mitigate the completely drive-by attack via Chrome and tracker metadata parsing, though? You can still exploit it, but not so seamlessly...right? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
