Re: [Inkscape-devel] Inkscape 0.48.2 ... coming soon
On Fri, 3 Jun 2011 13:49:23 -0700, Josh Andler wrote: Hey all,
Apparently there is an exploit in the gtk we ship with 0.48.1. Given that the recently updated devlibs required modifying trunk to compile, it seems logical to just ship out the fixes that have landed in the 0.48 branch since .1 was released.
Do you have a link for this exploit? Trying to decide how to prioritize pushing this update when it's released (and also see if any other things with "their own" libgtk have an affected version).
dan
-- Daniel Macks dmacks@...2516...
On Sat, Jun 4, 2011 at 6:50 AM, Daniel Macks <dmacks@...2516...> wrote:
On Fri, 3 Jun 2011 13:49:23 -0700, Josh Andler wrote: Hey all,
Apparently there is an exploit in the gtk we ship with 0.48.1. Given that the recently updated devlibs required modifying trunk to compile, it seems logical to just ship out the fixes that have landed in the 0.48 branch since .1 was released.
Do you have a link for this exploit? Trying to decide how to prioritize pushing this update when it's released (and also see if any other things with "their own" libgtk have an affected version).
As far as I know, it is not reported publicly at this point and the information was emailed to me. The information I can readily share is that it was known to be present in the copy of GTK+ 2.16.6 that we shipped with Inkscape 0.48.0 and Inkscape 0.48.1 and not present in the one that GIMP 2.6.11 ships, so it was fixed along the way.
Cheers, Josh
On Sat, Jun 4, 2011 at 6:50 AM, Daniel Macks <dmacks@...2516...> wrote:
On Fri, 3 Jun 2011 13:49:23 -0700, Josh Andler wrote: Hey all,
Apparently there is an exploit in the gtk we ship with 0.48.1. Given that the recently updated devlibs required modifying trunk to compile, it seems logical to just ship out the fixes that have landed in the 0.48 branch since .1 was released.
Do you have a link for this exploit? Trying to decide how to prioritize pushing this update when it's released (and also see if any other things with "their own" libgtk have an affected version).
Also, ~suv clued me in to who you are. The issue is win32 only... :) Sorry about any confusion. If you ever see me mention devlibs, I'm really only talking about win32 with that, but I still could have been a little more clear initially.
Cheers, Josh
participants (2)
-
Daniel Macks -
Josh Andler