Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Dear Roland,
> (1) If ghostscript has a bug, maybe it should be fixed there instead of
> in all gs dependant packages?
Yes, but gs says "cannot fix" and "please use -P-".
> (2) Mass bug filing (esp. RC/security) is generally not a great idea,
> especially if
> (3) You haven't checked the individual packages ("This package depends
> on ghostscript, and may be affected").
Sorry, I do my best but am only one.
> (4) Please state clearly what's wrong with the package (hyperlatex in
> this case). From the other bug reports I deduce that gs calls should be
> extended with "-P- -dSAFER". This should be done in the hyperlatex
> source package in bin/ps2image, for the record.
Yes, that probably should fix things. (Right now things are still unsafe
even with those options, but I expect gs to be able to fix the remaining
bugs.)
Thanks, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Reply to: