Control: tags -1 patch I've been using my patch for several months without any visible drawback.
On 2015-03-02 19:28:05 +0100, Moritz Muehlenhoff wrote: > On Mon, Dec 29, 2014 at 06:58:55PM +0100, Vincent Lefevre wrote: > > Control: tags -1 security > > > > On 2014-12-28 16:29:12 +0100, Vincent Lefevre wrote: > > > Note: This bug occurs very often and is very annoying, as one needs > > > to reselect what was selected (sometimes hardly possible). Moreover > > > the wrongly pasted text is similar to the correct text[*], meaning > > > that if one doesn't pay attention, one gets a file with permanently > > > incorrect data! > > > > Grrr... That's also a security problem. Due to this bug, a paste with > > a middle click in a web browser can end up in pasting private data! > > And Javascript can provide the pasted text to the web site immediately > > (Facebook does that), before the user can notice the problem. > > That's certainly a bug, but not an RC-level security issue. I disagree. Potentially leaking private data (which is a direct consequence of this bug) should be regarded as a RC-level security issue. This bug can also yield data loss. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
