Dear Roger, > ijsgutenprint is a ghostscript IJS server driver. It's invoked > /by/ ghostscript, so is not itself responsible for running > ghostscript. One potential source of vulnerabilities is > actually in glue scripts such as Foomatic, so I think probably > should be reassigned to foomatic-db-gutenprint. Note that > most/all of Foomatic and ancillary data packages such > as foomatic-db-gutenprint are packages you should probably > look at.
Speaking to the printconf maintainer in http://bugs.debian.org/584026 he said that foomatic-filters is only affected. Maybe he knows, he is also the foomatic maintainer... > Have you considered a whole-archive search for e.g. -dSAFER in > the lintian lab? ... Sorry, do not know how to do that search. Can you explain? > ... If a program is using -dSAFER, it should also > be using -P- in all likelihood. It's probably better than > simply going off package dependencies. Responses to the various bugs show that no-one was aware of -P-, many still stubbornly say "I use -dSAFER thus am safe". I am not sure now if there was anyone without -dSAFER. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
