bug-gettext

Re: Building gettext without libtextstyle


From: Bruno Haible
Subject: Re: Building gettext without libtextstyle
Date: Tue, 28 Nov 2023 20:46:50 +0100

Hello Santiago,

> by Zack Weinberg, which reads like this:
> 
>   libtextstyle is not packaged for Debian and depends on libcroco, which
>   is unmaintained

Wrong. See
<https://lists.gnu.org/archive/html/bug-gettext/2023-09/msg00047.html>.

>   and has known security bugs.

What is a security bug depends on the context. The bug I know of is that
with a particularly crafted .css file, it is possible to trigger a stack
overflow. In the context of a browser, where a CSS file is shipped over the
internet, it is a security bug. In the context of libtextstyle, where the
.css files are either part of the package or created by the user, it is not
a security bug. (Otherwise you would have to consider it a security bug
in Emacs that it is possible to write endless recursions in Emacs Lisp.)

Bruno





