|
From: | Santiago Vila |
Subject: | Re: Building gettext without libtextstyle |
Date: | Thu, 30 Nov 2023 18:22:01 +0100 |
User-agent: | Mozilla Thunderbird |
El 28/11/23 a las 20:46, Bruno Haible escribió:
and has known security bugs.What is a security bug, depends on the context. The bug I know of is that with a particularly crafted .css file, it is possible to trigger a stack overflow. In the context of a browser, where a CSS file is shipped over the internet, it is a security bug. In the context of libtextstyle, where the .css files are either part of the package or created by the user, it is not a security bug. (Otherwise you would have to consider it a security bug in Emacs that it is possible to write endless recursions in Emacs Lisp.)
Ok, thanks a lot for the explanations. Not sure if I will be able to reenable libtextstyle soon. Currently I have to choose between having a gettext package with all the bells and whistles or having the package updated to 0.22.x sooner. If a --disable-libtextstyle option was available, I would probably still use it, at least in a temporary way. Thanks.
[Prev in Thread] | Current Thread | [Next in Thread] |