61659018e3
This option is pulling in t1lib. t1lib is an enormous security risk. It hasn't seen maintenance since 2011 and we have local patches for security issues from 2011. Given the lack of attention, it's likely there are more security issues lurking. Documents are usually obtained from untrusted sources, and thus are considered a remote attack vector Documents may embed their own fonts. If one embeds a T1 font, it might be parsed by this unmaintained library. To avoid this risk, rip out the t1lib dependency. |
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| options.mk | ||
| PLIST | ||