Hi, On Fri, Jun 21, 2019 at 05:16:49PM +0200, Moritz Mühlenhoff wrote: > On Fri, Jun 21, 2019 at 02:58:00PM +0100, Colin Watson wrote: > > At the very least, the limitation that this program cannot safely be > > used with untrusted input needs to be prominently documented (I'd > > suggest the package description and the manual page). web2png would be > > harder to replace this way, but at least people wanting to make > > straightforward use of gif2png should perhaps be advised to use some > > other image processing system instead whose maintainers have a more > > reasonable approach to reports of undefined behaviour in their programs. > > Thanks for reporting this! > > Let's just remove the package, we have properly maintained (and heavily > fuzzed) alternatives like imagemagick/graphicsmagick's convert and web2png > seems to be entirely a fringe use case.
I added a removal hint, so it should be gone soon. Ivo
