Doug Fraser (fraserdw@xtra.co.nz) [041215 09:55]:
An even greater concern to me is the JPEG GDI+ Buffer Overrun exploit This problem isn't just academic; at [[Vandalism in Progress]] a user recently reported getting a JPEG GDI+ exploit warning flag from his software firewall, pointing to a Wikimedia address. Maybe a false alarm, but who knows? What do people have to say about this issue? Are my concerns unfounded? (I want to re-iterate that I'm new to the list, so apologies if this has all been covered already.)
Presumably virus scanning on uploads would be not too hard to implement. (Is something like this, ClamAV or similar, in place for the mail server?) And maybe a background scan running over the rest of the media databases.
- d.