[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: texinfo vulnerability still working in 4.11
From: |
Karl Berry |
Subject: |
Re: texinfo vulnerability still working in 4.11 |
Date: |
Sun, 18 Nov 2007 16:35:10 -0600 |
I think a better solution would be to specify a format string for
stderr.
That's the "reimplement error handling completely differently" change.
If you or anyone wants to send me a patch for that, great.
I believe that's the proper way of handling it, and not
including a format string specifier opens you up to a vulnerability.
I don't see it. If a vulnerability persists, tell me the usual details.
karl