Re: Bug#584013: hyperlatex: Security bugs in ghostscript

To: 584013@bugs.debian.org, debian-devel@lists.debian.org, stigge@antcom.de
Subject: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
From: paul.szabo@sydney.edu.au
Date: Tue, 1 Jun 2010 21:10:05 +1000
Message-id: <[🔎] 201006011110.o51BA52t015858@bari.maths.usyd.edu.au>
In-reply-to: <[🔎] 4C04C54E.8090804@antcom.de>

Dear Roland,

> (1) If ghostscript has a bug, maybe it should be fixed there instead of
> in all gs dependant packages?

Yes, but gs says "cannot fix" and "please use -P-".

> (2) Mass bug filing (esp. RC/security) is generally not a great idea,
> especially if
> (3) You haven't checked the individual packages ("This package depends
> on ghostscript, and may be affected").

Sorry, I do my best but am only one. 

> (4) Please state clearly what's wrong with the package (hyperlatex in
> this case). From the other bug reports I deduce that gs calls should be
> extended with "-P- -dSAFER". This should be done in the hyperlatex
> source package in bin/ps2image, for the record.

Yes, that probably should fix things. (Right now things are still unsafe
even with those options, but I expect gs to be able to fix the remaining
bugs.)

Thanks, Paul

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: Vincent Danjean <vdanjean.ml@free.fr>

References:
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: Roland Stigge <stigge@antcom.de>

Prev by Date: Re: Bug#584110: ITP: nose-cover3 -- Coverage 3.x support for Nose
Next by Date: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Previous by thread: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Next by thread: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Index(es):
- Date
- Thread