Comment 1 for bug 1746327
Revision history for this message
| Mathieu Trudel-Lapierre (cyphermox) wrote | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
MIR looks good in general, but it *is* a JSON parser, and could potentially deal with untrusted data. Looking at the code quickly, it's pretty complicated, so it doesn't sound unlikely that there'd be some potential issues there.
I agree that in this case it's for syslog, but it's still important that we consider any future uses when the package is in main.
Let's get the Security Team's opinion on this.