[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#584013: hyperlatex: Security bugs in ghostscript


On 06/01/2010 03:10 AM, Paul Szabo wrote:
> This package depends on ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

There are several issues with this bug:

(1) If ghostscript has a bug, maybe it should be fixed there instead of
in all gs dependant packages?

(2) Mass bug filing (esp. RC/security) is generally not a great idea,
especially if

(3) You haven't checked the individual packages ("This package depends
on ghostscript, and may be affected").

(4) Please state clearly what's wrong with the package (hyperlatex in
this case). From the other bug reports I deduce that gs calls should be
extended with "-P- -dSAFER". This should be done in the hyperlatex
source package in bin/ps2image, for the record.


Reply to: