main inclusion report for chmlib
Bug #236113 reported by
Jonathan Riddell
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chmlib (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Changed in chmlib: | |
assignee: | ubuntu-security → nobody |
Changed in chmlib (Ubuntu): | |
status: | Incomplete → Invalid |
To post a comment you must log in.
Despite the original MIR, chmlib has had quite a few vulns in the past, and due to its handling of HTML and integration into browsers it makes quite a nice attack vector. Kees, Jamie, can you please give this a deeper security review and an opinion about the general sanity of chmlib? Thanks!