paul.sz...@sydney.edu.au wrote:
> The ghostscript people in
> http://bugs.ghostscript.com/show_bug.cgi?id=691339
> told me to use the -P- switch, and marked it "RESOLVED WONTFIX".
>
> I guess -P- should be the default, as well as -dSAFER should be.
I agree, instead of fixing this in every singl
wouldn't it make more sense to solve these issues in the ghostscript
package by itself; rather than 100 different packages.
Even if ghostscript won't change their code, Debian always has the
option to fix it anyway. That could be done by either applying a
patch that automatically uses the safer
>>Should some or all be alerted to this security issue? So far gv and
>>libspectre1 only have been alerted (bugs #583316 and #583634).
>
> Yes, please.
Done, all mentioned packages alerted:
http://bugs.debian.org/584039 a2ps
http://bugs.debian.org/583994 advi
http://bugs.debian.org/5839
Further gs issues. The "gs scripts" mentioned below are in /usr/bin:
bdftops dumphint dvipdf eps2eps font2c gsbj gsdj gsdj500 gslj gslp
gsnd pdf2dsc pdf2ps pdfopt pf2afm pfbtopfa printafm ps2ascii ps2epsi
ps2pdf ps2pdf12 ps2pdf13 ps2pdf14 ps2pdfwr ps2ps ps2ps2 wftopfa
(maybe others?).
The
Processing commands for cont...@bugs.debian.org:
> tags 583183 help
Bug #583183 [ghostscript] /usr/bin/gs: Insecure gs initialization
Added tag(s) help.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
583183: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
tags 583183 help
thanks
On Mon, May 31, 2010 at 01:36:00PM +1000, paul.sz...@sydney.edu.au wrote:
Seems to me that the following packages depend on ghostscript:
advi advi-examples asymptote bmv c2050 capisuite courier-faxmail cups
cups-pdf epix1 epstool fbi fig2ps flpsed gv hevea hpijs hylafa
Seems to me that the following packages depend on ghostscript:
advi advi-examples asymptote bmv c2050 capisuite courier-faxmail cups
cups-pdf epix1 epstool fbi fig2ps flpsed gv hevea hpijs hylafax-client
hylafax-server hyperlatex ifhp ijsgutenprint kghostview latex-make
libgs-dev libspectr
I guess this issue can be exploited remotely.
If /etc/mailcap uses gs, then we are done: neither -P- nor -dSAFER are
defaults.
My Debian /etc/mailcap uses gv, and gv knows to use -dSAFER. First
"feed" the victim a "bad" PS file named gs_res.ps or pdf_base.ps or
similar. No harm done yet. Then "fe
The ghostscript people in
http://bugs.ghostscript.com/show_bug.cgi?id=691339
told me to use the -P- switch, and marked it "RESOLVED WONTFIX".
I guess -P- should be the default, as well as -dSAFER should be.
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
Package: ghostscript
Version: 8.62.dfsg.1-3.2lenny1
Severity: grave
File: /usr/bin/gs
Tags: security
Justification: user security hole
Please see
http://bugs.ghostscript.com/show_bug.cgi?id=691339
for details, quoted below for completeness.
I am not convinced that my "security wrapper" protect