... Which are probably too strong words. I don't mean oCERT being a
scam, or Andrea being untrustworthy.

oCERT seems to me just a startup, and they made loud noise to gain
popularity. What I dislike is they are making loud noise using lcms.
But there is nothing evil in Andrea or oCERT per se.

There have been several different patches, from the first one Andrea
sent me, which completely broke lcms to the latest, beta1, which was
supposed to be a temporary remedy. Please don't use any, do a
full upgrade to 1.18 instead.

Regarding my comment about backdoors, I have received several reports
of crashes and segmentation faults on applications after applying the
patch, therefore something in the patch *may* cause a crash, and a crash
*may* open a backdoor. I didn't mean the patch was deliberately
introducing backdoors, but the fact the patch generates crashes.
Sorry if I didn't explain myself.

But for the rest it is ok, please make sure to always use lcms full
distributions. I only verify in full the release, not the candidates.

Regards
Marti Maria


>Thanks Cyrille,

>I was aware of that. The short history is, a guy called Andrea Barisani,
>claiming to represent some obscure security company called oCERT, was
>providing a patch to fix a "vulnerability" they found.

>At the end, the oCERT company was just Andrea Barisani who set up oCERT
>in 2008 to get Google sponsoring.

>The whole internet is now filled with hype about this "vulnerability",
>and in truth this "patch" breaks littlecms functionality, and probably
>opens some back door, so, please:

>DON'T USE PATCHES FROM UNTRUSTED SOURCES.

>I guess you were told something similar in school right? :-)

>The problem, if any, is restricted to a very specific architecture (x86,
>no DEP, crafted profile).

>With this patch lcms does not work at all. Please upgrade to 1.18 and
>let's forget all this nasty stuff.

>Regards
>Marti Maria
