On Wed, Dec 30, 2009 at 01:35:08PM +0100, Jonas Smedegaard wrote:
> On Wed, Dec 30, 2009 at 01:01:23PM +0100, Moritz Muehlenhoff wrote:
> >On Sat, Dec 12, 2009 at 10:51:57PM -0500, Michael Gilbert wrote:
> >>package: ghostscript
> >>severity: serious
> >>tags: security
> >>
> >>Hi,
> >
> >The current Expat issues are not RC for Ghostscript per se, but
> >we should fix this by linking against the system copy of Expat.
> >(If a future issue is found in Expat, which allows code injection
> >we would need to issue a separate DSA for Ghostscript)
> >
> >To achieve this, SHARE_EXPAT needs to be set in base/expat.mak:
> >
> >----
> ># Users of this makefile must define the following:
> ># SHARE_EXPAT - 1 to link a system (shared) library
> ># 0 to compile in the referenced source,
> ># EXPAT_CFLAGS - Compiler flags for building the source,
> ># EXPATSRCDIR - the expat source top-level directory,
> ># EXPATGENDIR - directory for intermediate generated files,
> ># EXPATOBJDIR - directory for object files.
> >----
>
>
> Thanks for the investigation!
I noticed you omitted that change in your recent ghostscript. Is there
are technical problem? If so, I can provide patches to fix these issues
in the local Expat copy.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
