Re: GnuTLS for W32

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS for W32

From:	Reiner Steib
Subject:	Re: GnuTLS for W32
Date:	Sat, 07 Jan 2012 22:03:55 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

On Fri, Jan 06 2012, Juanma Barranquero wrote:

> 2012/1/6 Ted Zlatanov <address@hidden>:
>
>> The intention is to do whatever is appropriate on the platform to let
>> the user know they need to update and make the update easy.
>
> There's no single, general definition of "appropriate".
>
>> I'm not.  The risk is not worth the effort with image libraries.
>
> I don't understand why. Buffer overruns exploited through
> carefully-crafted images have been used before. 

yes, see e.g. CVE-2011-0408, http://www.kb.cert.org/vuls/id/388984,
http://www.google.com/search?q=libpng+arbitrary+code+execution

> I would fear that (as a vector for malware) much more than someone
> eavesdropping my communications.

I agree.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

[Prev in Thread]

Current Thread

[Next in Thread]

Re: GnuTLS for W32, (continued)

Prev by Date: Re: bug#10385: e binding in info-mode
Next by Date: RE: bug#10385: e binding in info-mode
Previous by thread: Re: GnuTLS for W32
Next by thread: Re: GnuTLS for W32
Index(es):
- Date
- Thread