[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

Dear Roland,

> (1) If ghostscript has a bug, maybe it should be fixed there instead of
> in all gs dependant packages?

Yes, but gs says "cannot fix" and "please use -P-".

> (2) Mass bug filing (esp. RC/security) is generally not a great idea,
> especially if
> (3) You haven't checked the individual packages ("This package depends
> on ghostscript, and may be affected").

Sorry, I do my best but am only one. 

> (4) Please state clearly what's wrong with the package (hyperlatex in
> this case). From the other bug reports I deduce that gs calls should be
> extended with "-P- -dSAFER". This should be done in the hyperlatex
> source package in bin/ps2image, for the record.

Yes, that probably should fix things. (Right now things are still unsafe
even with those options, but I expect gs to be able to fix the remaining

Thanks, Paul

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to: