Bug#584052: kdelibs4c2a: Security bugs in ghostscript

To: Paul Szabo <paul.szabo@sydney.edu.au>, 584052@bugs.debian.org
Subject: Bug#584052: kdelibs4c2a: Security bugs in ghostscript
From: Sune Vuorela <Sune@vuorela.dk>
Date: Tue, 1 Jun 2010 13:49:30 +0200
Message-id: <[🔎] 201006011349.32372.Sune@vuorela.dk>
Reply-to: Sune Vuorela <Sune@vuorela.dk>, 584052@bugs.debian.org
In-reply-to: <[🔎] 20100601012946.24587.28613.reportbug@bari.maths.usyd.edu.au>
References: <[🔎] 20100601012946.24587.28613.reportbug@bari.maths.usyd.edu.au>

On Tuesday 01 June 2010 03:29:46 Paul Szabo wrote:
> Package: kdelibs4c2a
> Version: 4:3.5.10.dfsg.1-0lenny4
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> Please note remote execute-any-code security bugs in ghostscript:
> 
>   http://bugs.debian.org/583183
> 
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

Hi

This sounds like it is ghostscript that should be fixed, rather than anything 
that use it.

gs --please-be-secure  should not be something that you have to turn on on 
each usage.

What's the good reason to fix in all apps rather than just making gs --please-
be-secure the default ?

(And I don't consider 'ghostscript upstream being idiots' a good reason)

/Sune
-- 
How can I save a OpenGL provider of a pointer?

You neither should remove the hard disk, nor need to debug the GUI.

Reply to:

References:
- Bug#584052: kdelibs4c2a: Security bugs in ghostscript
  - From: Paul Szabo <paul.szabo@sydney.edu.au>

Prev by Date: Re: Accepted kdeplasma-addons 4:4.4.4-1 (source all amd64)
Next by Date: Re: Accepted kdeplasma-addons 4:4.4.4-1 (source all amd64)
Previous by thread: Bug#584052: kdelibs4c2a: Security bugs in ghostscript
Next by thread: Processing of kdeadmin_4.4.4-1_source+amd64.changes
Index(es):
- Date
- Thread