6 Aug
2019
6 Aug
'19
14:26
On 06/08/2019 15.57, David C. Rankin wrote:
On 07/31/2019 09:21 AM, Dave Howorth wrote:
Amazing how something as stupid as the LibreLogo feature, which converts simple graphics-drawing instructions in the document into Python to run can allow an attacker to completely fsck your system over.
It appears that several graphic formats are dangerous. Postcript (and pdf), for example. As a solution, support for inserting postcript images is bieng removed from LyX packages, IIRC. Once this has been noticed, maybe other hackers are trying to hack other graphic handling applications. Interesting times ahead :-/ -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)