[Debian-med-packaging] Bug#1003977: cwltool: privacy leak with option --print-doc
Jonas Smedegaard
dr at jones.dk
Tue Jan 18 20:48:01 GMT 2022
Package: cwltool
Version: 3.1.20211104071347-3
Severity: important
Web pages produced with `cwltool --print-doc` contain links to online
resources, revealing when users render the document in a regular web
browser - or fail to produce intended layout if rendering while offline.
For inspiration, the tool pandoc by default (as packaged in Debian,
upstream defaults differ) links against local system-shared resources,
with an option for each resource to instead link to an online instance
of the user's own choice.
- Jonas
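A check for the behaviour this report describes, as an added example that is not part of the original message or of cwltool: it lists the resources an HTML file makes a browser fetch while rendering, ignoring plain hyperlinks. The tag list, function names and sample HTML are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that a browser fetches automatically while rendering.
# <a href> is left out on purpose: it is fetched only when clicked.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
              "audio": "src", "video": "src", "source": "src", "object": "data"}
# <link rel=...> values that cause a fetch on page load.
LINK_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload"}

def is_remote(url):
    parts = urlsplit(url.strip())
    # "//host/path" is protocol-relative and still leaves the machine.
    return parts.scheme in ("http", "https") or (not parts.scheme and bool(parts.netloc))

class RemoteResourceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            rels = set((a.get("rel") or "").lower().split())
            url = a.get("href") if rels & LINK_RELS else None
        else:
            url = a.get(AUTO_FETCH.get(tag, ""))
        if url and is_remote(url):
            self.remote.append((self.getpos()[0], tag, url))

def find_remote_resources(html):
    finder = RemoteResourceFinder()
    finder.feed(html)
    finder.close()
    return finder.remote

# Constructed sample; the hosts are placeholders, not cwltool's real output.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://cdn.example.org/style.css">
<link rel="stylesheet" href="local.css">
<script src="//cdn.example.org/lib.js"></script>
</head><body>
<a href="https://www.example.org/spec">spec</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_remote_resources(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Running it over a generated page before publishing or packaging shows which references would need to point at local copies for offline, leak-free rendering.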