gs-2.6.1pl4-5 (ghostscript) released w/security patch

To: debian-changes@Pixar.com
Cc: tedhajek@sowhat.micro.umn.edu
Subject: gs-2.6.1pl4-5 (ghostscript) released w/security patch
From: tedhajek@all-blues.micro.umn.edu
Date: Tue, 29 Aug 1995 09:20:48 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.3.91.950829090122.232A-100000@all-blues.micro.umn.edu>
Reply-to: Ted Hajek <tedhajek@boombox.micro.umn.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I just uploaded package revision five of ghostscript 2.61pl4.  It fixes a 
security hole when "-DSAFER" is used to prevent file manipulation; 
therefore users should upgrade as soon as possible.

I'd like another of the package developers to review the patch for 
effectiveness.  The patch was applied to a postscript file, so you should 
have at least some knowledge of postscript.

The package now complies with the "REQUIRES: xlibraries" scheme for 
programs with X11 interfaces.  Furthermore, I've replaced "gs_x", 
"gs_svga" and "gs_both" with a single binary package, "gs", which 
requires both svgalib and xlibraries.  Let me know if this poses a 
problem.

Here are the changelog entry and vital statistics:

gs-2.6.1pl4-4 to gs-2.6.1pl4-5    priority=URGENT    29 August 1995

        * gs_init.ps: Added security patch to fix holes in -DSAFER mode.

        * debian.control: Added extended description.  Package now depends
        on xlibraries and svgalib.  Package (gs) now conflicts with older
        incarnations (gs_x, gs_svga, gs_both).

        * Due to new policy on programs with x11/non-x11 interfaces
        depending on x11 shared libraries, which comprise a separate
        package, I decided to merge the three ghostscript binary packages
        (gs_svga, gs_both, gs_x) into a single package, gs.  After all,
        the svgalib files don't take up that much disk space (~480K)
        compared to that consumed by ghostscript and its associated
        fonts.  This will greatly simplify things for users.

94eca12f05ecaa0a308b1aee37e67268  ghostscript-2.6.1pl4-5.diff.gz
a785077e8b8b75e69648d0e35d09db8e  gs-2.6.1pl4-5.deb
4b0da3b07037b99f302dae0303e972c5  ghostscript-2.6.1pl4-5.tar.gz

        34184 Aug 29 08:36 ghostscript-2.6.1pl4-5.diff.gz
      1014520 Aug 28 23:41 ghostscript-2.6.1pl4-5.tar.gz
       493575 Aug 28 23:41 gs-2.6.1pl4-5.deb

Please let me know if you find any problems.

- -- Ted Hajek -- 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by mkpgp, a Pine/PGP interface.

iQCVAwUBMEMh72ER8wPxPPqxAQGx5wQAg+Urv7+baGuHb7wcFiZ2yL+vkjJIn9n+
OH/uRSUFJRMxT1sZLx++mB5iKZLMHGM2zA/qGQPoTJX9jPegeH6XBVwAi4p9+H1a
Yj7BVqU8WF3mx5YvxhL47kh2gy1YOvscK9KHffWlH3ZzCrdeSZl7oo8MuzfwsHXu
a3OCbxMl0Gk=
=v7Jw
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: xpat2-1.03-2 released
Next by Date: xsok-1.00-2 released
Previous by thread: xpat2-1.03-2 released
Next by thread: xsok-1.00-2 released
Index(es):
- Date
- Thread