[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PATCHES - Countdown for December 12th
From: |
James Lowe |
Subject: |
Re: PATCHES - Countdown for December 12th |
Date: |
Wed, 13 Dec 2017 18:07:46 +0000 (GMT) |
Herr Petersen,
On Wed, 13 Dec 2017 14:53:58 +0100, Knut Petersen <address@hidden> wrote:
> Am 12.12.2017 um 11:54 schrieb James Lowe:
> > Hello,
> >
> > Here is the current patch countdown list. The next countdown will be on
> > December 16th.
>
> We still have a severe security hole in lilypond, and a patch is available.
> See https://sourceforge.net/p/testlilyissues/issues/5243/
Yes I see a patch is available.
>
> It would take only minutes to prepare a pdf that starts to recursively
> wipe out the home directory of any user who opens that pdf in evince,
> mupdf etc. if support for textedit links is installed as recommended
> in our documentation. textedit links also might be embedded in html.
I don't doubt that your comments are valid, however looking at that tracker
thread and not being a developer I cannot tell if this was still under
discussion and it looked like, to my inexperienced eyes anyway, that there was
some dispute or reasoning that still needed confirmation.
So, if this tracker is NOT supposed to be at 'needs_work' then by all means set
it back to review. However, to save more compilation failures, can you rebase
the patch to current master as it has been a while since your patch was
uploaded.
Then I can see what needs to be done.
Danke schoen
James