On 2025-10-31 09:02:14 +0100, Nicolas George wrote: > Vincent Lefevre (HE12025-10-31): > > How can you be so sure? > > I looked at the code.
You would have seen that there is potential denial of service (process crashes). Worse, Fabio Degrigis could trigger a SIGSEGV on a memcpy: https://www.openwall.com/lists/oss-security/2025/10/18/4 which would mean a bad pointer or buffer overflow. > > That's your opinion, but almost all software honors locales. > > Almost all software runs on Windows or Macos. So what? Here we're on Debian. > > That's impossible when there is a dependency. > > Then do not install the dependant software either. This is silly. -- Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
