Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042

To: Antoine Beaupré <anarcat@orangeseeds.org>, debian-lts@lists.debian.org
Subject: Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042
From: Brian May <bam@debian.org>
Date: Sun, 02 Sep 2018 17:08:09 +1000
Message-id: <[🔎] 87mut01ina.fsf@silverfish.pri>
In-reply-to: <87a7p2xrk5.fsf@curie.anarc.at>
References: <87o9ednwdj.fsf@silverfish.pri> <87lg8rbx1j.fsf@curie.anarc.at> <87tvnd3o79.fsf@silverfish.pri> <87a7p2xrk5.fsf@curie.anarc.at>

Antoine Beaupré <anarcat@orangeseeds.org> writes:

> What do you think? Should we push this forward?

I am somewhat concerned that by fixing this we might be breaking
something. Even if it is 100% broken behaviour, maybe some application
depends on this?

Is the potential attack bad enough to justify potential breakage? I am
not absolutely convinced.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Next by Date: Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042
Next by thread: Re: twitter-bootstrap / CVE-2018-14040 / CVE-2018-14041 / CVE-2018-14042
Index(es):
- Date
- Thread