Bug#584052: kdelibs4c2a: Security bugs in ghostscript
On Tuesday 01 June 2010 03:29:46 Paul Szabo wrote:
> Package: kdelibs4c2a
> Version: 4:3.5.10.dfsg.1-0lenny4
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> Please note remote execute-any-code security bugs in ghostscript:
>
> http://bugs.debian.org/583183
>
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.
Hi
This sounds like it is ghostscript that should be fixed, rather than anything
that use it.
gs --please-be-secure should not be something that you have to turn on on
each usage.
What's the good reason to fix in all apps rather than just making gs --please-
be-secure the default ?
(And I don't consider 'ghostscript upstream being idiots' a good reason)
/Sune
--
How can I save a OpenGL provider of a pointer?
You neither should remove the hard disk, nor need to debug the GUI.
Reply to: