Coffee ⏚ reshared this.
Edit: typo
like this
Thunderbird: Free Your Inbox, Sotolf, Dave :steamdeck:, Bob Mottram :debian:, Ariel Richtman, ClaudioM, Jessica :infinity_rainbow:, Bad Rob, Best Rob, jackson ❎, Birne Helene, Ade Malsasa Akbar, Space Tux, Anny is biking, teledyn 𓂀, Longplay Games :pc_color: 🎮, IzzyOnDroid ✅, FoolishOwl, Mohammed Ismail :emacs: :tux:, Steve Randy Waldman, rice and Paranoid Factoid like this.
reshared this
Steve Reilly, Ade Malsasa Akbar, dinosauce, Space Tux, rice and CedarTea reshared this.
ilyess reshared this.
like this
Ade Malsasa Akbar, Joël de Bruijn and Earthshine like this.
reshared this
Coffee ⏚, Jeff MacKinnon, Ade Malsasa Akbar, Joël de Bruijn and James P. :os_arch: :xfce: reshared this.
One option is to install UserLAnd and a VNC client so you can install Debian so you can install and run actual LibreOffice.
https://f-droid.org/packages/com.gaurav.avnc/
(for example - multiple options exist)
UserLAnd | F-Droid - Free and Open Source Android App Repository
Easiest way to run GNU/Linux Distros on Android - no root requiredf-droid.org
Collabora Online
Home of Collabora Online, the cloud-based office suite with collaborative editing - Collabora OnlineGitHub
How to use Edit Files with LibreOffice app in Nextcloud
Try 30days Free Nextcloud Trial and add your own domain to:========https://bit.ly/3CGiKwQ========#Nextcloud #Nextclouders #tabdigitalGet service grade: A+ Ne...YouTube
ZZ Bottom reshared this.
like this
ZZ Bottom, thamespirat and Miander like this.
reshared this
Susan ✶✶✶✶ and Christoph S reshared this.
1) Do you think that you read unknown-soured ebooks/pdfs regularly, and importantly, what's your existing threat model around those?
2) Giving F-Droid's proclivity for not disclosing the bug - can you be sure that the known issue is relevant?
3) What is the feature you like about Libera Reader?
I spent a long time finding a FOSS ereader that was usable. It was a while ago, so I don't exactly remember the specific criticisms of the others I'd tried.
I remember there was one where the right ~5% of the page would render off-screen.
I just want something I can read with and will remember my page on each book.
Jonathan Lamothe likes this.
From here: https://divestos.org/misc/appsec.txt
From here: https://github.com/foobnix/LibreraReader/issues/1030
So - basically - there's a chance you might trip over an unrisk analyzed CVE in an unlikely path that's used only sometimes on older devices.
These issues are:
https://github.com/advisories/GHSA-hh5m-fj6m-hwjp bad XPS file (I have never fed one into my PDF reader), and appears to be a crash, and only on Windows
https://github.com/advisories/GHSA-6xp9-rj6v-fx2r the exact same issue but different vector, also Windows only
https://github.com/advisories/GHSA-9jxc-7cqj-8cgc a repeat of the above, also only on windows
https://github.com/advisories/GHSA-gqv2-4ghg-ccgm this is an actual integer overflow - https://nvd.nist.gov/vuln/detail/CVE-2017-15587 shows that there's no known exploit or POC, so you might be only able to crash the app container - though it's possibly exploitable
OK! So there's a potentially problematic bug, in a fallback PDF renderer
This really feels like anti-security - since it's not a static code analysis, and just a specific report for *any* CVEs, not even relevant CVEs.
Personally? I'd wait for a fix and possibly stop running windows.
Jonathan Lamothe likes this.
Also, integer overflows might let you read random memory.
It's basically a case of "this is a vulnerability that could become a thing, and might already be a thing, but this is the root cause if it's a thing"
But I'm not aware of a criminal muPDF gang exploiting 5 year old muPDFs for the sweet sweet keys.
Since - uh - ebook pirates running muPDF probably isn't a large enough demographic for criminals
Edit:
This is why you really need to say *what* CVEs are involved, and what issues are the actual issues. Since just randomly saying "A security vulnerability" for both "Can turn on your camera while powered off, without turning on the camera light" and "There's an unexploited integer overflow" is just security theatre
silverwizard likes this.
This website uses cookies. If you continue browsing this website, you agree to the usage of cookies.
James Ryland Miller
•Matthew Skala
•Depending on how automated you want this to be, sox may be useful - it can certainly do the filtering, and can at least generate a spectrogram from which you can decide where to filter.
Csound can do this sort of thing more capably but using it will involve coding to define exactly what you mean.
Jonathan Lamothe likes this.
Jonathan Lamothe
Matthew Skala likes this.
Jonathan Lamothe
School of Video Game Audio
•Sonic Visualiser
www.sonicvisualiser.org