Re: Disabling ghostscript handled formats in imagemagick and graphicsmagick

To: Markus Koschany <apo@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>, alteholz@debian.org
Subject: Re: Disabling ghostscript handled formats in imagemagick and graphicsmagick
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 22 Oct 2018 13:31:59 +0200
Message-id: <[🔎] 20181022113159.rco6adfiikt3xe6x@inutil.org>
In-reply-to: <[🔎] a32ddd32-132b-574d-a7c2-3e2f0e8fa060@debian.org>
References: <[🔎] a32ddd32-132b-574d-a7c2-3e2f0e8fa060@debian.org>

On Mon, Oct 22, 2018 at 01:23:21PM +0200, Markus Koschany wrote:
> Hi,
> 
> Several security vulnerabilities were discovered in Ghostscript in
> recent weeks. Although all known issues were fixed, there is still a
> chance that there are more of them, yet undiscovered. The security
> researcher who found those issues recommends to disable Ghostscript
> handled formats by default in Imagemagick. [1] I think this should be
> extended to Graphicsmagick too.
> 
> Thorsten, you are currently working on Imagemagick. Could you apply this
> patch [2] from Ubuntu to our package as well?

Better wait until that change has been made in unstable first:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907336

Cheers,
        Moritz

Reply to:

References:
- Disabling ghostscript handled formats in imagemagick and graphicsmagick
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Disabling ghostscript handled formats in imagemagick and graphicsmagick
Next by Date: Re: Gnutls investigation and request for advice for Jessie
Previous by thread: Disabling ghostscript handled formats in imagemagick and graphicsmagick
Next by thread: Re: Wheezy update of spamassassin?
Index(es):
- Date
- Thread