Bug 61788
Summary: | netpbm contains multiple unsafe input handling errors | | |
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Alan Cox <alan> |
Component: | netpbm | Assignee: | Phil Knirsch <pknirsch> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | high | | |
Version: | 7.3 | CC: | kmaraas, rvokal, twaugh |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | i386 | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2003-04-02 23:19:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 61901, 67218, 79579 | | |
Description
Alan Cox
2002-03-24 16:26:01 UTC
Is there any other program that can duplicate the commandline functionality of it?

Posting your root password to slashdot is about the equivalent functionality, or do you mean image processing. On the image handling side ImageMagick does some of it, and somewhat more safely.

Basically netpbm is not supportable, if people install it from Bero's collection or powertools or similar things fine, but if we had to fix the mess that netpbm is then it probably represents multiple man weeks of engineering time. We have it in the tree solely because in our early days package QA was a bit lax.

You honestly think the typical user uses or even knows what netpbm is - I'd count you as very atypical. You are extremely brave if you use those tools on anything that didn't come out of an app you personally trust to process those image formats correctly. We are not talking complex stuff here, we are talking beginning C programmer errors. I'm also curious what features you use that imagemagick does not have?

Er.. perhaps we should take out the /usr/share/printconf/mf_rules/mf50-netpbm_filters file then?

```
#
# netpbm magicfilter rules
#
/p[gbp]m/ pipe/postscript/ /usr/bin/pnmtops -quiet
/gif/ pipe/p[gbp]m/ /usr/bin/giftopnm
/jpeg/ pipe/p[gbp]m/ /usr/bin/djpeg -pnm
/png/ pipe/p[gbp]m/ /usr/bin/pngtopnm
/TIFF image/ fpipe/p[gbp]m/ /usr/bin/tifftopnm $FILE
/PC bitmap data/ pipe/p[gbp]m/ /usr/bin/bmptoppm
/Sun raster image/ pipe/p[gbp]m/ /usr/bin/rasttopnm
/SGI image data/ pipe/p[gbp]m/ /usr/bin/sgitopnm
```

(These get run by the print spooler)

This was done for 8.0? or 9?

9 it seems.

Is it still as horrible as it was? The package seems to have had ten releases since the 7.2 one at least...
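An added example, not part of the bug report or of printconf: a small audit that parses the magicfilter rules quoted in the thread and lists which print-job file types the spooler hands to a netpbm converter. The field layout (match pattern, `action/output-type/`, command) is inferred from the quoted lines, and the `NETPBM_TOOLS` set and function names are assumptions made for this example.

```python
import os
import shlex

# Rules exactly as quoted in the thread (mf50-netpbm_filters).
RULES = """\
#
# netpbm magicfilter rules
#
/p[gbp]m/ pipe/postscript/ /usr/bin/pnmtops -quiet
/gif/ pipe/p[gbp]m/ /usr/bin/giftopnm
/jpeg/ pipe/p[gbp]m/ /usr/bin/djpeg -pnm
/png/ pipe/p[gbp]m/ /usr/bin/pngtopnm
/TIFF image/ fpipe/p[gbp]m/ /usr/bin/tifftopnm $FILE
/PC bitmap data/ pipe/p[gbp]m/ /usr/bin/bmptoppm
/Sun raster image/ pipe/p[gbp]m/ /usr/bin/rasttopnm
/SGI image data/ pipe/p[gbp]m/ /usr/bin/sgitopnm
"""

# Assumption: converters in the rules that ship with netpbm (djpeg is libjpeg's).
NETPBM_TOOLS = {"pnmtops", "giftopnm", "pngtopnm", "tifftopnm",
                "bmptoppm", "rasttopnm", "sgitopnm"}

def parse_rules(text):
    """Return (pattern, action, output_type, argv) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The match pattern sits between the first two slashes and may hold spaces.
        end = line.index("/", 1)
        pattern = line[1:end]
        action_field, command = line[end + 1:].split(None, 1)
        action, _, out_type = action_field.partition("/")
        rules.append((pattern, action, out_type.rstrip("/"), shlex.split(command)))
    return rules

def netpbm_exposure(text):
    """List (file-type pattern, tool) pairs where spooler input reaches netpbm."""
    return [(pattern, os.path.basename(argv[0]))
            for pattern, _action, _out, argv in parse_rules(text)
            if os.path.basename(argv[0]) in NETPBM_TOOLS]

if __name__ == "__main__":
    for pattern, tool in netpbm_exposure(RULES):
        print(f"print jobs matching /{pattern}/ are parsed by {tool}")
```

Pointing `parse_rules` at the contents of a real `mf_rules` file instead of `RULES` gives the same report for an installed system.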