On Tuesday 01 June 2010 03:29:46 Paul Szabo wrote: > Package: kdelibs4c2a > Version: 4:3.5.10.dfsg.1-0lenny4 > Severity: grave > Tags: security > Justification: user security hole > > > Please note remote execute-any-code security bugs in ghostscript: > > http://bugs.debian.org/583183 > > This package suggests ghostscript, and may be affected. Please > evaluate the security of this package, and fix if needed.
Hi This sounds like it is ghostscript that should be fixed, rather than anything that use it. gs --please-be-secure should not be something that you have to turn on on each usage. What's the good reason to fix in all apps rather than just making gs --please- be-secure the default ? (And I don't consider 'ghostscript upstream being idiots' a good reason) /Sune -- How can I save a OpenGL provider of a pointer? You neither should remove the hard disk, nor need to debug the GUI. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
