I will probably finish this MIR in ~two weeks, I thought I'd share the notes I've collected so far in case they are useful to anyone:
Some unclean logs:
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
/usr/include/glib-2.0/glib/gmem.h:124:8: warning: mutter_session_proxy may be used uninitialized in this function [-Wmaybe-uninitialized]
src/remotedesktopdialog.c:148:16: warning: device_type_name may be used uninitialized in this function [-Wmaybe-uninitialized]
dh_install: Please use dh_missing --list-missing/--fail-missing instead
E: Lintian run failed (policy violation)
Lintian: fail
And some notes on the code:
- image_button_clicked() does image previews
- compose_mail_thunderbird() and compose_mail_evolution() would probably
allow attaching arbitrary files via malicious addresses -- are the
addresses shown specifically to the user to confirm them first? The
thunderbird variant may also allow the same attack via subject and
body text.
I will probably finish this MIR in ~two weeks, I thought I'd share the notes I've collected so far in case they are useful to anyone:
Some unclean logs:
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults glib-2. 0/glib/ gmem.h: 124:8: warning: mutter_ session_ proxy may be used uninitialized in this function [-Wmaybe- uninitialized] opdialog. c:148:16: warning: device_type_name may be used uninitialized in this function [-Wmaybe- uninitialized] missing/ --fail- missing instead
/usr/include/
src/remotedeskt
dh_install: Please use dh_missing --list-
E: Lintian run failed (policy violation)
Lintian: fail
And some notes on the code:
- image_button_ clicked( ) does image previews mail_thunderbir d() and compose_ mail_evolution( ) would probably
- compose_
allow attaching arbitrary files via malicious addresses -- are the
addresses shown specifically to the user to confirm them first? The
thunderbird variant may also allow the same attack via subject and
body text.
- supports
file chooser
app chooser
print
screenshot
notification
inhibit
access
account
email
screen cast
remote desktop
- launch_preview() appears to use unsafe string-based execution with
user-supplied content rather than safe array-based execution.
Thanks