bug#32515: GNOME thumbnailing code execution vulnerabilities.

2021-04-09 Thread Leo Famulari
On Fri, Apr 09, 2021 at 03:51:21PM +0200, Maxime Devos wrote:
> Leo Famulari (26 Feb 2019) wrote:
> > Since this bug was filed, Ghostscript has received more scrutiny and
> > serious bugs continue to be found.
>
> I assume you meant ‘fixed’.

I did not mean 'fixed'. As far as I know, no work was d

bug#32515: GNOME thumbnailing code execution vulnerabilities.

2021-04-09 Thread Maxime Devos
Leo Famulari (26 Feb 2019) wrote:
> Since this bug was filed, Ghostscript has received more scrutiny and
> serious bugs continue to be found.

I assume you meant ‘fixed’.

> [...]
> Barring that, we should keep our package up to date

ghostscript can be updated to 9.54 (https://ghostscript.com/dow

bug#32515: GNOME thumbnailing code execution vulnerabilities

2019-02-25 Thread Leo Famulari
Since this bug was filed, Ghostscript has received more scrutiny and serious bugs continue to be found. The recommendation of the researchers seems to be to disable and remove Ghostscript unless a PostScript interpreter is actually necessary. Barring that, we should keep our package up to date and

bug#32515: GNOME thumbnailing code execution vulnerabilities

2018-08-23 Thread Leo Famulari
In some configurations of the GNOME and KDE desktops (and maybe others), there is a remote code execution vulnerability via the Nautilus thumbnailing system, via Evince and Ghostscript: "My colleague Jann Horn pointed out evince (which uses libgs, which is affected with some tweaks to the PoC) is