Now those gpg.fail people made me find similar vulns elsewhere (console control character injection). By "elsewhere" I mean... my own code.
Opinions wanted: should "input can inject console output with ansi and control chars" always be considered a vuln/CVE?
(I'll fix it in any case, I'm just wondering if I should do all the "security release/advisory/request CVE/..." stuff.)
hanno
npub1sy…83cq9
2026-01-01 12:08:40 GMT
Author Public Key
npub1syue7pmxnqdduqh2ydqwavs0vx056jnc5zxmlg6lxecrl9zdtxfq283cq9Seen on
wss://relay.momostr.pinkPublished at
2026-01-01 12:08:40 GMTEvent JSON
{
"id": "7dae63f7c5dfbc734790019036b81a163da365db93368c2a9152c3d321599351",
"pubkey": "81399f0766981ade02ea2340eeb20f619f4d4a78a08dbfa35f36703f944d5992",
"created_at": 1767269320,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/@hanno/115819762186404328",
"web"
],
[
"proxy",
"https://mastodon.social/users/hanno/statuses/115819762186404328",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/hanno/statuses/115819762186404328",
"pink.momostr"
],
[
"-"
]
],
"content": "Now those gpg.fail people made me find similar vulns elsewhere (console control character injection). By \"elsewhere\" I mean... my own code.\nOpinions wanted: should \"input can inject console output with ansi and control chars\" always be considered a vuln/CVE?\n(I'll fix it in any case, I'm just wondering if I should do all the \"security release/advisory/request CVE/...\" stuff.)",
"sig": "a0f979d514d394e4ff43f0ee7747e73715a6c8df808de71047073937d280ae3be666c48851f8e4519fd36570b10690c5ead09dd6eb99c9a11a2a37a0c7f22f38"
}