Re: Bug#584013: hyperlatex: Security bugs in ghostscript

To: Paul Szabo <paul.szabo@sydney.edu.au>, 584013@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
From: Roland Stigge <stigge@antcom.de>
Date: Tue, 01 Jun 2010 10:31:10 +0200
Message-id: <[🔎] 4C04C54E.8090804@antcom.de>
In-reply-to: <20100601011033.18216.83719.reportbug@bari.maths.usyd.edu.au>
References: <20100601011033.18216.83719.reportbug@bari.maths.usyd.edu.au>

Hi,

On 06/01/2010 03:10 AM, Paul Szabo wrote:
> This package depends on ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

There are several issues with this bug:

(1) If ghostscript has a bug, maybe it should be fixed there instead of
in all gs dependant packages?

(2) Mass bug filing (esp. RC/security) is generally not a great idea,
especially if

(3) You haven't checked the individual packages ("This package depends
on ghostscript, and may be affected").

(4) Please state clearly what's wrong with the package (hyperlatex in
this case). From the other bug reports I deduce that gs calls should be
extended with "-P- -dSAFER". This should be done in the hyperlatex
source package in bin/ps2image, for the record.

bye,
  Roland

Reply to:

Follow-Ups:
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: Vincent Danjean <vdanjean.ml@free.fr>
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: paul.szabo@sydney.edu.au

Prev by Date: Re: correctly using other packages in postrm
Next by Date: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Previous by thread: Re: correctly using other packages in postrm
Next by thread: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Index(es):
- Date
- Thread