Bug#1089182: chromium: Cannot install on bookworm, missing abi1-19

2024-12-10 Thread Paul Szabo
The release team is not quick in coming up with a solution... and anyway Google has released version 131.0.6778.139. I removed chromium from my machines, using GoogleChrome instead: seems to work happily without any abi1-19 or even abi1-16. Thanks, Paul -- Paul Szabo p

Bug#1089182: chromium: Cannot install on bookworm, missing abi1-19

2024-12-06 Thread Paul Szabo
>= 1:19.1.4) libunwind-19 (>= 1:19.1.4) but those are not available in bookworm (are for trixie). Can you please re-build so it is installable on bookworm. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz School of Mathematics and Statistics University

Bug#1041836: libc6 2.36-9+deb12u1 double free abort

2023-08-09 Thread Paul Szabo
", but did not help to fix the issue. I may try to change physical RAM modules, not sure whether I have suitable replacements. Cheers, Paul -- Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz School of Mathematics and Statistics University of Sydney, Australia

Bug#1041836: root unable to write un-owned

2023-08-09 Thread Paul Szabo
Bummer. This last "echo x > /tmp/x" issue is probably the result of protected_regular being set in kernel configs, see https://docs.kernel.org/admin-guide/sysctl/fs.html#id12 Sorry about the noise. (Hangs head in shame.) Cheers, Paul

Bug#1041836: root unable to write un-owned

2023-08-09 Thread Paul Szabo
Another oddity that should never happen: root cannot write file that he does not own. Demonstration (root running bash):
root# touch /tmp/x
root# ls -l /tmp/x
-rw-r--r-- 1 root root 0 Aug 10 09:39 /tmp/x
root# echo a > /tmp/x
root# chown 2:2 /tmp/x
root# ls -l /tmp/x
-rw-r--r-- 1 bin

Bug#1041836: libc6 2.36-9+deb12u1 double free abort

2023-08-09 Thread Paul Szabo
Dear Aurelien, I used LD_PRELOAD=libc_malloc_debug.so for MALLOC_CHECK_. With those extra checks (tried all values of MALLOC_CHECK_ from 0 to 20), glibc did not show any errors, suggesting that the bug is not in inetd. The original poster said his issue shows on some hardware only. I observed my

Bug#1041836: libc6 2.36-9+deb12u1 double free abort

2023-08-08 Thread Paul Szabo
ebug.so "fixes" the issue. Hope this helps to find the cause. Cheers, Paul References: http://btorpey.github.io/blog/2019/07/14/memory-checking/ https://www.gnu.org/software/libc/manual/html_node/Heap-Consistency-Checking.html -- Paul Szabo p...@maths.usyd.edu.au www.maths.u

Bug#988763: rxvt-unicode: Remote(?) code execution via ESC G Q

2021-05-21 Thread Paul Szabo
that come to mind: www.debian.org/security/2003/dsa-380 www.debian.org/security/2009/dsa-1694 bugs.debian.org/511516 Anyway, I solved my problem by "apt purge rxvt-unicode" on all my machines. Cheers, Paul -- Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.ed

Bug#988763: rxvt-unicode: Remote(?) code execution via ESC G Q

2021-05-21 Thread Paul Szabo
disclosure/2021/May/51 (quoted below for completeness), it seems that this is now fixed upstream in version 9.25, maybe they did consider it a bug. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz School of Mathematics and Statistics University of Sydney

Bug#988763: rxvt-unicode: Remote(?) code execution via ESC G Q

2021-05-19 Thread Paul Szabo
Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz School of Mathematics and Statistics University of Sydney, Australia Quoting message: From: def To: Date: Sun, 16 May 2021 15:32:48 +0300 Subject: [FD] (u)rxvt terminal (+bash) remoteish code execution 0day #!/usr/bin

Bug#956084: inetutils-telnetd: CVE-2020-10188

2020-04-06 Thread Paul Szabo
urgent data, because of a buffer overflow involving the netclear and nextitem functions. Seems to me that inetutils contains the same (vulnerable) utility.c functions. Please check. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au www.maths.usyd.edu.au/u/psz School of Mathematics and

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-02 Thread paul . szabo
ch upgrade). This seems confusing. Would it be worthwhile to handle them both in the same way? Maybe some other things in postinst could get the same treatment. (Simple is easier to keep secure.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathe

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-01 Thread paul . szabo
there a need to set it writable? Is there a need to have these owned by group tomcat8, could they be left as root:root and world-accessible? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-01 Thread paul . szabo
the DEB package, the ownership only to be fixed in postinst? In the current DEB, that directory is not group-writable. Could you kindly explain how this all works. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-01 Thread paul . szabo
Hmm... I just accused you of being mistaken... but maybe it is I who is wrong. - Now thinking it through again. Cheers, Paul

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-01 Thread paul . szabo
. > > https://anonscm.debian.org/cgit/pkg-java/tomcat8.git/commit/?id=02570d6 > > The script still chmods the Catalina directory but this one can't be > replaced by a symlink. You are mistaken. Please re-read the original bug report. Cheers, Paul Paul Szabo p...@maths.usyd.edu.

Bug#845393: marked as done (Privilege escalation via upgrade)

2016-12-01 Thread paul . szabo
reopen 845393 thanks Not done. Please fix properly. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#845393: Pending fixes for bugs in the tomcat8 package

2016-12-01 Thread paul . szabo
Dear Emmanuel, > No longer make /etc/tomcat8/Catalina/localhost writable ... The bug depends on "Catalina" being writable; the permissions on "localhost" are irrelevant. Please re-open. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.

Bug#845385: Privilege escalation via removal

2016-11-30 Thread paul . szabo
-- I now notice that the Debian bug contraption does not CC me on messages: just being the submitter does not add you to the CC list, you need to explicitly "subscribe". So I missed a number of intermediate messages. --- Markus wrote previously: > ... Besides all tomcat processes are killed on purge. Where does that happen? I do not think that is true. Neither are any possible setuid-tomcat8 or setgid-tomcat8 files removed. --- Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#845385: Privilege escalation via removal

2016-11-22 Thread paul . szabo
ses, also. That might be a "good thing": deluser or delgroup might not "work" with left-over, running processes; and might protect against a race. But really... why do you care about leaving some "dangling" useless object, owned by some long-gone UID or GID?

Bug#845393: Privilege escalation via upgrade

2016-11-22 Thread Paul Szabo
her useful attacks might be to make the objects: /root/.Xauthority /etc/ssh/ssh_host_dsa_key world-readable; or make something (already owned by group tomcat8) group-writable (some "policy" setting maybe?). Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/

Bug#845385: Privilege escalation via removal

2016-11-22 Thread Paul Szabo
the world. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-11-09 Thread paul . szabo
Dear Andreas, > I have a completely untested patch sitting in GIT - do you have a > possibility to test packages built from that? I could replace files, or DEB packages, on some test machines. Do not know whether that testing would be exhaustive: do not know how many features of the sendmail pack

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread paul . szabo
es always have a process like:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
smmsp 2880 0.0 0.0 11956 3236 ? Ss Oct11 0:00 sendmail: Queue runner@00:10:00 for /var/spool/mqueue-client
running. Cheers, Paul Paul Szabo p...@maths.us

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread paul . szabo
Hmm... you may also need to (once) do: chown smmsp /var/run/sendmail/stampdir/reload when adopting my patch. Cheers, Paul

Bug#841257: sendmail: Privilege escalation from group smmsp to (user) root

2016-10-18 Thread Paul Szabo
su smmsp -s /bin/bash -c "touch > $STAMP_DIR/cron_msp"; 912c912 < touch $STAMP_DIR/cron_mta; --- > su smmsp -s /bin/bash -c "touch $STAMP_DIR/cron_mta"; 938c938 <

Bug#840685: TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory (was: Re: Bug#840685: tomcat8: DSA-3670 incomplete)

2016-10-14 Thread paul . szabo
eed for DSA. (Sorry about the noise.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#840685: tomcat8: DSA-3670 incomplete

2016-10-14 Thread paul . szabo
ymlink, you do the useless "mkdir -p" and you chown; I win. For your test, you took the rm out of your script: you should see /etc being chowned to tomcat8. Please confirm. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#840685: tomcat8: DSA-3670 incomplete

2016-10-14 Thread paul . szabo
ing a response time in less than a day is not very reasonable, > especially when there are things like the time difference between > Australia and Europe. You can do better, if you try. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#840685: tomcat8: DSA-3670 incomplete

2016-10-14 Thread paul . szabo
a whole day... compared to that, Markus replied within the hour to the Debian bug. (But he did not yet reply to my next, private bug/message... seems public messaging works best!) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#840685: tomcat8: DSA-3670 incomplete

2016-10-13 Thread paul . szabo
appreciated. ... Maybe the security team will understand (recognize, accept) the issue without a PoC. If they reply with such a need, then I will write one. You or they might accept the suggested patch/fix: mkdir without -p, chown with -h. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://

Bug#840685: tomcat8: DSA-3670 incomplete

2016-10-13 Thread Paul Szabo
"chown -h". (This would protect against the above attack.) The script should use plain mkdir without "-p": not needed as we create a single directory, and should not be used to let mkdir return failure. (This may make it safe.) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au

Bug#775541: NFS mounts fail at boot after Debian 8.5 upgrade

2016-09-06 Thread paul . szabo
Dear Vincent, > Could you provide a bit more information about the package versions > on your system? > dpkg -l rpcbind nfs-common nfs-kernel-server systemd
psz@como:~$ dpkg -l rpcbind nfs-common nfs-kernel-server systemd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpa

Bug#775541: NFS mounts fail at boot after Debian 8.5 upgrade

2016-08-19 Thread paul . szabo
=rpcbind.service instead? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#803013: systemd should not destroy application created cgroups

2015-10-25 Thread Paul Szabo
t-get dist-upgrade" sequences, and "start anacron" happens nightly. (Some other systemd commands may also affect.) I propose the attached patch to avoid the issue. This patch seems to work well for me. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.

Bug#684645: liblockfile1: Order of fcntl and dotlock in maillock

2012-10-27 Thread paul . szabo
e 24 ... make: *** [debian/stamp-patched] Error 1 dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2 Can you give me a hint on what I am doing wrong? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics

Bug#648941: /usr/lib/sm.bin/mail.local: Uses flock, not fcntl

2012-08-12 Thread paul . szabo
Dear Tobias, I submitted http://bugs.debian.org/684645 against liblockfile1. But then I realized that liblockfile is fine and that the bug must be within mail.local sources, so I re-assigned that bug to sendmail-bin. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http

Bug#684645: /usr/lib/sm.bin/mail.local: Order of fcntl and dotlock in maillock

2012-08-12 Thread paul . szabo
sendmail-bin sources. - Such "pretence" was noted previously, in the initial report of http://bugs.debian.org/648941 . Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#684645: liblockfile1: Order of fcntl and dotlock in maillock

2012-08-12 Thread Paul Szabo
wrong order. Please see http://bugs.debian.org/648941 also. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- System Information: Debian Release: wheezy/sid APT prefers testin

Bug#648941: /usr/lib/sm.bin/mail.local: Uses flock, not fcntl

2012-08-12 Thread paul . szabo
at bug is in sendmail-bin or maybe elsewhere. Assuming the latter, I will now submit a new bug against liblockfile1. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#648941: /usr/lib/sm.bin/mail.local: Uses flock, not fcntl

2012-08-12 Thread paul . szabo
"/var/mail/.lk10336dp639", "/var/mail/psz.lock") = 0
open("/var/mail/psz", O_WRONLY|O_APPEND) = 4
fcntl64(4, F_SETLKW, {type=F_WRLCK, whence=SEEK_CUR, start=0, len=0}) = 0
which seems the wrong order. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu

Bug#648941: /usr/lib/sm.bin/mail.local: Uses flock, not fcntl

2011-11-16 Thread Paul Szabo
permit corruption of mail files, and in fact observed on rare occasions. Please see http://bugs.debian.org/513298 also. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- Package-spe

Bug#621691: libxslt1.1: XML Security Library "xslt.c" Arbitrary File Access

2011-04-07 Thread Paul Szabo
I do not use XML so did not verify.) Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- System Information: Debian Release: 5.0.8 APT prefers oldstable APT policy: (500, '

Bug#621423: /usr/bin/xrdb: xdmcp rogue hostname security

2011-04-06 Thread Paul Szabo
; mismatch -\r\n May be DNS failure - Please try again later' gdm : all : allow However I notice that gdm uses IP address only, not hostname when evaluating hosts.allow lines, so I wonder about the effectiveness of this protection. How would I test whether my setup is vuln

Bug#602333: /usr/bin/fusermount: fusermount allows unmount any filesystem

2011-01-19 Thread paul . szabo
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584653: RC bugs in upcoming stable

2010-12-01 Thread paul . szabo
584653 and #584663 are marked "Fixed in version 9.00~dfsg-1". Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584653: ghostscript: does not honor -P- option

2010-11-27 Thread paul . szabo
Dear Mehdi, > We prefer targeted fixes ... > ... we won't be able to review [gs 9.00] or accept it ... Supposing that those "targeted fixes" may not happen. Would you then release gs 8.71 with a grave (= RC) bug? Or would you drop gs, or delay squeeze? I am genuinely curious

Bug#584663: imagemagick uses gs without -P-

2010-11-22 Thread paul . szabo
I do apologize if I misunderstood something, and have done the wrong thing yet again. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584663: imagemagick uses gs without -P-

2010-11-22 Thread paul . szabo
magick, no need for more "mass bug filing".) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#602333: /usr/bin/fusermount: fusermount allows unmount any filesystem

2010-11-22 Thread paul . szabo
Ubuntu has now added the reference CVE-2010-3879 to https://bugs.launchpad.net/bugs/670622 and marked it "confirmed". Other interesting references: https://bugzilla.redhat.com/show_bug.cgi?id=651183 https://bugzilla.novell.com/show_bug.cgi?id=651598 Cheers, Paul Paul

Bug#584663: Bug#584653: Patch to close CVE-2010-2055

2010-11-20 Thread paul . szabo
n|stat|access)' x.out | grep -E -v '"/(usr|etc|var|lib)/' strace -o x.out /usr/bin/gs -P x.ps >/dev/null 2>&1; grep -E '^(open|stat|access)' x.out | grep -E -v '"/(usr|etc|var|lib)/' The first two are identical: attempt to load various th

Bug#584653: Patch to close CVE-2010-2055

2010-11-20 Thread paul . szabo
1 - The bug is done, ghostscript is OK. 2 - Version 8.71 has a grave i.e. RC bug, must upgrade to 9.00. (or something else)? Your reply suggests that they will choose "2", in effect assuring me that this will make it into squeeze. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http:

Bug#584653: Patch to close CVE-2010-2055

2010-11-20 Thread paul . szabo
for bug #592569 also, to have -dSAFER as default? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#602333: /usr/bin/fusermount: fusermount allows unmount any filesystem

2010-11-03 Thread paul . szabo
which may be closer to this issue. I would expect DSA-1989 to have been adopted and fixed by Ubuntu, where the original poster says he found the issue. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University

Bug#602333: /usr/bin/fusermount: fusermount allows unmount any filesystem

2010-11-03 Thread Paul Szabo
attached below. Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584653: Debian NMU ghostscript

2010-10-25 Thread paul . szabo
pefully working, secure) "-P-". (These bugs are related. I had tried to report them as the "one thing" bug 583183, but that did not get very far...) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-12 Thread paul . szabo
help shift the agenda ... Thanks for understanding. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-11 Thread paul . szabo
covers e.g. mass-filing. I do try to keep up. (Not much time left after useless arguments...) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-10 Thread paul . szabo
ugreport.cgi?bug=583183#42 and that it will not be rudely and wrongly closed like #583183 was in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=91;bug=583183 Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics Universi

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-10 Thread Paul Szabo
=584663#55 Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- System Information: Debian Release: 5.0.5 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-09 Thread paul . szabo
ript? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584653: ghostscript: does not honor -P- option

2010-08-08 Thread paul . szabo
I wonder if this is now fixed upstream: http://bugs.ghostscript.com/show_bug.cgi?id=691350#c19 Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-08 Thread paul . szabo
that upstream finally seems to have made -P- the default, after all the ugly shouting (now deleted) saying WONTFIX in http://bugs.ghostscript.com/show_bug.cgi?id=691316 http://bugs.ghostscript.com/show_bug.cgi?id=691339 --- Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-07 Thread paul . szabo
>> Yes. All those who wish to call gs in unsafe ways, can (should!) >> explicitly use -P (and -NOSAFER). > You surely meant "-dNOSAFER", not "-NOSAFEE". Sorry, wrote that carelessly "from memory", without consulting the oh-so-useless Debian man page. Y

Bug#584663: ghostscript: insecure defaults for path searching

2010-08-06 Thread paul . szabo
e best course of action. Do you mean http://bugs.ghostscript.com/show_bug.cgi?id=691350#c18 ? Is not that "search only in /usr/share/ghostscript" idea even more restrictive than -P- which excludes "." only? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usy

Bug#584667: Bug#583183: CVE-2010-2055

2010-07-13 Thread paul . szabo
is https://bugzilla.redhat.com/show_bug.cgi?id=599564 Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#583183: Scribus -dPARANOIDSAFER

2010-06-03 Thread paul . szabo
h gs, thus it is unsafe with all those options, but those are being worked on upstream and should make it into Debian, eventually.) Cheers, Paul (noting I am no gs expert, nor Debian maintainer) Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematic

Bug#584022: page-crunch: Security bugs in ghostscript

2010-06-03 Thread paul . szabo
316 to also be protected against some as-yet-unpatched (but hopefully upcoming) gs bugs. Hope this helps... Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584015: ijsgutenprint: Security bugs in ghostscript

2010-06-02 Thread paul . szabo
orry I do not think I will have time to follow this up, now, to that detail: am going on holidays, for four weeks starting this weekend, and will not have computer access during that time. If the issue is still outstanding in July then I will work on it again, and may ask for your help then. Cheers, P

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-02 Thread paul . szabo
And I do not know if ghostscript will ever be fixed in any sense. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584015: ijsgutenprint: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
hood. It's probably better than > simply going off package dependencies. Responses to the various bugs show that no-one was aware of -P-, many still stubbornly say "I use -dSAFER thus am safe". I am not sure now if there was anyone without -dSAFER. Thanks, Paul Paul Szabo

Bug#583183: [Pkg-cups-devel] Bug#584003: cups-pdf: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
f" cups? In that case you may be "safe" because of chdir("/"), see http://bugs.debian.org/584002 . Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#583995: advi-examples: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Mehdi, >>>>> On a side note, you should check ... > In case, it isn't obvious: I already read 583183 before closing and I > explained why advi-examples isn't open to such flaws. I see: that comment was not directed at me. Thanks, Paul Paul Szabo

Bug#583995: advi-examples: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
d like to know your opinion. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
x so cannot comment. (Please see the contortions that gv is going to to protect themselves in http://bugs.debian.org/583316 .) Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584052: kdelibs4c2a: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Sune, I agree with you. I suggested to gs that it should be secure-by-default, but they refused. Please do convince them... In the meantime, maybe you want to fix your use of that crappy gs. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Racke, > ... I just wonder why this option isn't mentioned in the gs manpage. Good question. Maybe report as a bug to ghostscript? Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University o

Bug#584062: sdf: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Colin, Your explanation shows you are not directly responsible (maybe not vulnerable at all), and can close the bug. Thanks for investigating, sorry about the "noise". Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathe

Bug#584001: courier-faxmail: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Racke, > What kind of fixes do you have in mind? Please add the -P- option to all $GS invocations. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia

Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
duce that gs calls should be > extended with "-P- -dSAFER". This should be done in the hyperlatex > source package in bin/ps2image, for the record. Yes, that probably should fix things. (Right now things are still unsafe even with those options, but I expect gs to be able to fi

Bug#584026: printconf: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Chris, I now see what tripped me up: in my Packages file, printconf depends on ghostscript, but foomatic-filters doesn't. Maybe that could be fixed? Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics Universi

Bug#584061: recoll: Security bugs in ghostscript

2010-05-31 Thread paul . szabo
not so good, I "hit" printconf instead of foomatic-filters apparently. But in essence, because I was asked to do so: please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183#42 and thereabouts. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/

Bug#584026: printconf: Security bugs in ghostscript

2010-05-31 Thread paul . szabo
print files; if they have some control over the name, and foomatic runs in that directory, then it is doomed. Thanks for your help. Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Aust

Bug#584061: recoll: Security bugs in ghostscript

2010-05-31 Thread paul . szabo
curity team if it is > valid to file a bug like this. Thanks, please let me know what you find. Please also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183#42 Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statis

Bug#584064: texlive-base-bin: Security bugs in ghostscript

2010-05-31 Thread paul . szabo
ts are now compromised. I also guess that cups may be used for printing... I do not know whether that runs as root (compromising the whole machine) or as user "printer" (allowing attackers to "steal" sensitive printouts). Cheers, Paul Paul Szabo p...@maths.usyd.edu.au

Bug#584069: gimp: Security bugs in ghostscript

2010-05-31 Thread paul . szabo
Dear Ari, Seems that you need to call gs with -P- also; and ensure any files (to read) passed as command-line arguments are "full pathnames". Pre-creating an empty directory and running gs there, as gv http://bugs.debian.org/583316 intends to do, might help. Cheers, Paul Paul

Bug#583183: /usr/bin/gs: Insecure gs initialization

2010-05-31 Thread paul . szabo
ure gs initialization
http://bugs.ghostscript.com/show_bug.cgi?id=691350 gs_init.ps tried in current dir despite -P-
http://bugs.ghostscript.com/show_bug.cgi?id=691355 Missing -P- and -dSAFER in scripts
http://bugs.ghostscript.com/show_bug.cgi?id=691356 Relative filenames in scripts
Cheers, Paul Paul Sz

Bug#584069: gimp: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney, Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture:

Bug#584068: xpaint: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584067: xfig: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
package, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architec

Bug#584066: xapian-omega: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584065: wv: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Ker

Bug#584064: texlive-base-bin: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
security of this package, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 's

Bug#584063: tex4ht-common: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture:

Bug#584062: sdf: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Ker

Bug#584061: recoll: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584060: python-codespeak-lib: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture:

Bug#584059: plywood: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584058: opensched: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i68

Bug#584057: mpage: Security bugs in ghostscript

2010-05-31 Thread Paul Szabo
package, and fix if needed. Thanks, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architec