Re: DLA-1792-1/ghostscript and cups-filters
On Sun, May 19, 2019 at 10:23:14PM +0200, Salvatore Bonaccorso wrote:
> Hi Roberto
> With the update of ghostscript in DLA 1792-1 for ghostscript pdfdict
> is hidden for the fix for CVE-2019-3839.
> cups-filters used though this undocumented internal, so with the
> ghostscript update cups-filter will experience a functional
> In unstable cups-filter was fixed shortly after the 9.27 update, for
> stable we issued a corresponding update for cups-filters following the
> ghostscript update as
> https://lists.debian.org/debian-security-announce/2019/msg00087.html .
> Thus I think you will need to issue same update for cups-filters as
> well for jessie to not use pdfdict but rather runpdfbegin. This way
> cups-filters will work both with a fixed and unfixed ghostscript.
> Please though double-check.
Thanks for letting me know. I will have a look as you suggest.
Roberto C. Sánchez