From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00 shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id A77721F4B5; Sat, 16 Nov 2019 02:50:27 +0000 (UTC) Date: Sat, 16 Nov 2019 02:50:27 +0000 From: Eric Wong To: meta@public-inbox.org Subject: Re: libgmime experiences? (was: [PATCH] doc: update HACKING and TODO ...) Message-ID: <20191116025027.GA8203@dcvr> References: <20190921000642.7290-1-e@80x24.org> <20190921224003.GA21832@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190921224003.GA21832@dcvr> List-Id: Eric Wong wrote: > I've never used gmime as a user or hacker... I still haven't used it as a user. > However, looking at the Debian changelogs, there's only been one > CVE (CVE-2010-0409) from nearly a decade ago. Maybe all the > bugs are fixed, or nobody really abuses it. gmime 3.2.5 just came out which addresses stack exhaustion: https://download.gnome.org/sources/gmime/3.2/gmime-3.2.5.news (but there may be more work to do in that area...)