lilypond-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security problem: lilypond-invoke-editor

From: Blöchl Bernhard
Subject: Re: Security problem: lilypond-invoke-editor
Date: Thu, 23 Nov 2017 11:32:38 +0100
User-agent: Roundcube Webmail/0.9.5
Is this the well documented Windows URI security flaw dicussed about 2007? 

https://www.networkworld.com/article/2286774/lan-wan/microsoft-to-fix-uri-security-flaw-after-criticism.html

https://blog.mozilla.org/security/2007/07/23/related-security-issue-in-url-protocol-handling-on-windows/

https://msdn.microsoft.com/en-us/library/aa767914(v=vs.85).aspx

If so, isn't that resolved already?

https://bugzilla.mozilla.org/show_bug.cgi?id=389106

Regards
https://bugzilla.mozilla.org/show_bug.cgi?id=389106Am 23.11.2017 10:11, schrieb Knut Petersen: 
Hi everybody!
12 years ago a security problem was introduced into lilypond-invoke-editor. 
On 2017/11/15 the problem was reported to the bug-lilypond mailing
list by Gabriel Corona.

If you decided to install lilypond-invoke-editor helper as a general
URI helper, you _are_ affected.

If you decided to install lilypond-invoke-editor to only handle
textedit URIs (or if you do not use it at all) you are _not_ affected.

If you do not know if you are affected:

1.: locate lilypond-invoke-editor

2. Open lilypond-invoke-editor in your favorite text editor. Search for

       (if (is-textedit-uri? uri)
         (run-editor uri)
         (run-browser uri)))))

and replace it with

       (if (is-textedit-uri? uri)
         (run-editor uri)))))

Knut

_______________________________________________
lilypond-user mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/lilypond-user
reply via email to
[Prev in Thread] Current Thread [Next in Thread]