Hi, separately from the TTF composite-glyph issue in #368, I've found a second, distinct security issue.
There's no SECURITY.md or private vulnerability reporting enabled here, so I can't share specifics publicly. Could you point me to a security contact? I will be happy to send a minimal PoC and a suggested fix privately.
Thanks!
Hi, separately from the TTF composite-glyph issue in #368, I've found a second, distinct security issue.
There's no SECURITY.md or private vulnerability reporting enabled here, so I can't share specifics publicly. Could you point me to a security contact? I will be happy to send a minimal PoC and a suggested fix privately.
Thanks!