Thanks. Of course review in conjunction with upstream will do greps
and code searches and stuff like that. But it is always possible to miss
something so reports are appreciated. For the files you mentioned:
src/utils.c: will get serious attention in conjunction with upstream
src/xtractprotos.c:
On 22.07.2016 20:23, Jeff Breidenbach wrote:
> No, I'm not sure. Leptonica is big and requires a thorough review in
> conjunction with upstream. Thank you for helping identify
> convertTiffMultipageToPS(), and please report anything else you
> happen to notice on mainline paths. Highly
No, I'm not sure. Leptonica is big and requires a thorough review in
conjunction with upstream. Thank you for helping identify
convertTiffMultipageToPS(), and please report anything else you
happen to notice on mainline paths. Highly appreciated.
On 22.07.2016 19:19, Jeff Breidenbach wrote:
> There are additional hardcoded paths in the Leptonica
> library itself, but generally on debugging or regression test code paths.
> I will continue working with upstream on this topic.
Are you sure?
Looking at convertTiffMultipageToPS() from
I am removing the following programs from the leptonica-progs package
due to hardcoded predictable paths in /tmp. Between this and the earlier
patch, this solves all reported problems and therefore this particular bug
will be closed. There are additional hardcoded paths in the Leptonica library
I will work with upstream on a permanent improvement. In the meantime,
I'm adding a small patch in 1.73-3 that will help with the specific problem
being discussed in de.comp.os.unix.linux.misc.
Acknowledged and taking action.
Package: liblept5
Version: 1.73-2
Severity: important
Tags: security
Hi!
A discussion in the German Usenet group de.comp.os.unix.linux.misc,
starting at MID: revealed some serious
security problems in leptonlib. (At least I think so.)
The leptonlib-progs and