yesterday we suffered a very strong earthquake here in Venezuela. we’re physically safe, but @alasky was the most affected due to damages caused by being on the affected area (we live in separate states).
i’m doing this post so i can help him out to take care of these, to buy food, and to keep some reserves in case he has to take a trip to somewhere safer (which is likely).
any help is truly appreciated!
edit: really appreciating all the help this has been receiving, and all the shares around. hope everyone is doing well 🫂
A vulnerability in ffmpeg allows remote code execution via a crafted media file https://www.securityweek.com/ffmpeg-pixelsmash-flaw-allows-rce-on-video-players-media-servers-nas-appliances/
This affects anything that would even try to generate a *thumbnail*, and that includes your file browser, your fedi server, etc etc etc.
EDIT: Replies have pointed out that ASLR needed to be disabled for the exploit to work, so it may not be quite as exploitable as the press release makes it sound. Not sure. (At least, not without many retries.) At any rate, look forward to deploying the fix.
(kemona_halftau)
i propose a ban on 12-hour time effective yesterday