[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PATCHES - Countdown for December 12th
From: |
David Kastrup |
Subject: |
Re: PATCHES - Countdown for December 12th |
Date: |
Wed, 13 Dec 2017 19:16:14 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
"James Lowe" <address@hidden> writes:
> Herr Petersen,
>
> On Wed, 13 Dec 2017 14:53:58 +0100, Knut Petersen
> <address@hidden> wrote:
>
>> Am 12.12.2017 um 11:54 schrieb James Lowe:
>> > Hello,
>> >
>> > Here is the current patch countdown list. The next countdown will be on
>> > December 16th.
>>
>> We still have a severe security hole in lilypond, and a patch is available.
>> See https://sourceforge.net/p/testlilyissues/issues/5243/
>
> Yes I see a patch is available.
>
>>
>> It would take only minutes to prepare a pdf that starts to recursively
>> wipe out the home directory of any user who opens that pdf in evince,
>> mupdf etc. if support for textedit links is installed as recommended
>> in our documentation. textedit links also might be embedded in html.
>
> I don't doubt that your comments are valid, however looking at that
> tracker thread and not being a developer I cannot tell if this was
> still under discussion and it looked like, to my inexperienced eyes
> anyway, that there was some dispute or reasoning that still needed
> confirmation.
>
> So, if this tracker is NOT supposed to be at 'needs_work' then by all
> means set it back to review. However, to save more compilation
> failures, can you rebase the patch to current master as it has been a
> while since your patch was uploaded.
>
> Then I can see what needs to be done.
I'll upload a different and more generic patch today that doesn't change
as much but sort-of opens a different can of worms. But it would need
testing on Windows and I don't really know how to do that even
half-reliably.
--
David Kastrup