Doug Fraser (fraserdw(a)xtra.co.nz) [041215 09:55]:
An even greater concern to me is the JPEG GDI+ Buffer
Overrun exploit
This problem isn't just academic; at [[Vandalism in Progress]] a user
recently reported getting a JPEG GDI+ exploit warning flag from his
software firewall, pointing to a Wikimedia address. Maybe a false alarm,
but who knows?
What do people have to say about this issue? Are my concerns unfounded? (I
want to re-iterate that I'm new to the list, so apologies if this has all
been covered already.)
Presumably virus scanning on uploads would be not too hard to implement.
(Is something like this, ClamAV or similar, in place for the mail server?)
And maybe a background scan running over the rest of the media databases.
- d.