Javier Serrano Polo skrev:
El dj 06 de 03 del 2008 a les 14:59 +0100, en/na Ove Kaaven va escriure:
What do you mean?
I mean I may investigate further into this problem and find a solution.
And why do
you need the tag removed *before* looking at it?
The wontfix tag means you won't fix the bug
Well, *I* won't fix it. But if you have a good alternative which
upstream might accept (such as patching giflib), then that would mean
someone else fixed it, which doesn't make it less of a fix...
> (i.e., won't accept good alternatives).
Or rather, just don't know any. That could change, I suppose. If someone
*did* take a look, maybe.
Though I just don't see the big deal. There are probably hundreds of far
more serious security issues in Wine than gif files embedded in .doc
files. Most notably, of course, is that Wine can run arbitrary code and
can't sandbox it. Any .exe, .dll, or whatever, could do any Linux
syscall it wants. Wine also steals code from chmlib, cabextract, and
many other projects, and have tons of other inherent buffer overflows
and security flaws. Why are people worried about Wine loading gifs, and
demand that a security team stand by to fix just *that* so much faster
and more efficient than anyone would fix any of the hundreds or
thousands of *other* security issues inherent in Wine?
Hmm. I suppose I should just close the report, since the original
submitter probably thought that using external giflib was actually an
option in the build system that I could just turn on or something.
Tempting...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
