Y
Hacker News
new
|
ask
|
show
|
jobs
by
smaili
3318 days ago
For those wondering, this issue (referred to as YB2 or Yahoobleed #2 by the author) has
already been fixed
by Yahoo:
> Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.
2 comments
scarybeast
3318 days ago
FWIW, I've been very impressed with how Yahoo! handled this disclosure.
link
tyingq
3318 days ago
Ouch. I have a site the generates images with ImageMagick based on user input. Guess I'm off to look for details.
link