lilypond-auto
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] #5243 Fix secu


From: Auto mailings of changes to Lily Issues via Testlilyissues-auto
Subject: [Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] #5243 Fix security problem in lilypond-invoke-editor
Date: Thu, 23 Nov 2017 08:35:54 -0000


[issues:#5243] Fix security problem in lilypond-invoke-editor

Status: Started
Created: Thu Nov 23, 2017 08:35 AM UTC by Knut Petersen
Last Updated: Thu Nov 23, 2017 08:35 AM UTC
Owner: nobody

Fix security problem in lilypond-invoke-editor

If lilypond-invoke-editor was installed as a
general uri-helper it was easy to abuse it to
execute arbitrary code on an attacked system.

With this patch lilypond-invoke-editor only
handles textedit URIs.

We could have fixed URI passing to the browser,
but it is not our job to provide a general
URI helper. Other software (e.g. xdg-open and
friends) should be used for that.

Signed-off-by: Knut Petersen address@hidden

http://codereview.appspot.com/336240043


Sent from sourceforge.net because address@hidden is subscribed to https://sourceforge.net/p/testlilyissues/issues/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/testlilyissues/admin/issues/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Testlilyissues-auto mailing list
address@hidden
https://lists.sourceforge.net/lists/listinfo/testlilyissues-auto

reply via email to

[Prev in Thread] Current Thread [Next in Thread]