On Fri, Jun 21, 2019 at 02:58:00PM +0100, Colin Watson wrote:
> At the very least, the limitation that this program cannot safely be
> used with untrusted input needs to be prominently documented (I'd
> suggest the package description and the manual page). web2png would be
> harder to replace this way, but at least people wanting to make
> straightforward use of gif2png should perhaps be advised to use some
> other image processing system instead whose maintainers have a more
> reasonable approach to reports of undefined behaviour in their programs.

Thanks for reporting this!

Let's just remove the package, we have properly maintained (and heavily fuzzed) alternatives like imagemagick/graphicsmagick's convert and web2png seems to be entirely a fringe use case.

Cheers,
Moritz