Re: texinfo vulnerability still working in 4.11

bug-texinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: texinfo vulnerability still working in 4.11

From:	Karl Berry
Subject:	Re: texinfo vulnerability still working in 4.11
Date:	Sun, 18 Nov 2007 16:35:10 -0600

    I think a better solution would be to specify a format string for
    stderr. 

That's the "reimplement error handling completely differently" change.
If you or anyone wants to send me a patch for that, great.

    I believe that's the proper way of handling it, and not
    including a format string specifier opens you up to a vulnerability.

I don't see it.  If a vulnerability persists, tell me the usual details.

karl

[Prev in Thread]

Current Thread

[Next in Thread]

texinfo vulnerability still working in 4.11, Cody Rester, 2007/11/16
- Re: texinfo vulnerability still working in 4.11, Karl Berry, 2007/11/16
  - Re: texinfo vulnerability still working in 4.11, Cody Rester, 2007/11/18
    - Re: texinfo vulnerability still working in 4.11, Karl Berry <=

Prev by Date: Re: texinfo vulnerability still working in 4.11
Next by Date: Re: texinfo-4.11 test failure
Previous by thread: Re: texinfo vulnerability still working in 4.11
Next by thread: install texinfo
Index(es):
- Date
- Thread