On Thursday 08 July 2004 7:18 pm, Reid Priedhorsky wrote: > Googling and searching the bug database only yielded a vague claim about a > remote exploit (bug #247585). I also asked over on debian-user and while > the flurry of replies showed that the removal decision was controversial > if not unpopular, no one gave any information on the security problems. > debian-devel has not turned up anything so far either.
Best anyone on debian-user or in #debian up on freenode can tell me the only one to notice the potential exploit (frankly I worry more about a meteor hitting the pc) is the one who removed postscript and who closes wishlists asking it back with wont-fix. Upstream still prints via postscript/default; for what it's worth. As I understand it the potential is that postscript as nearly turing-complete it can potentially run commands on your machine while printing L337 |-|4><0r Du|)3's web page. Like I said, not all that likely to actually happen in real life. But if anyone has more info I too would like to hear it. If you want postscript back; simply grab the source deb and roll your own; just edit rules under the debian folder. Delete the '--with-xprint' and '--disable-postscript' lines and do 'dpkg-buildpackage -rfakeroot'. However I did give the debs a version number of 99 to keep apt from updating them until there is a new mozilla version from upstream. -- How dare the government intervene to stifle innovation in the computer industry! That's Microsoft's job, dammit! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
