[ sent again to please Debian MTAs rejecting 8bit headers ] control: tag -1 wontfix Quoting Bernhard Übelacker (2020-02-04 20:13:41) > Control: fixed -1 9.26a~dfsg-0+deb9u6 > Control: fixed -1 9.26a~dfsg-0+deb9u1 > Control: fixed -1 9.25~dfsg-0+deb9u1 > Control: found -1 9.27~dfsg-3.1 > Control: found -1 9.27~dfsg-3 > Control: found -1 9.26a~dfsg-2 > Control: found -1 9.26a~dfsg-1 > Control: found -1 9.26~dfsg-2 > Control: found -1 9.26~dfsg-1 > Control: found -1 9.25~dfsg-7 > Control: found -1 9.25~dfsg-2 > Control: found -1 9.24~~rc2~dfsg-1 > Control: fixed -1 9.22~dfsg-1 > Control: fixed -1 9.21~dfsg-1 > Control: fixed -1 9.20~dfsg-3.2 > > > Hello, > tried to get a little further. > > The last version from sid that did not show this error > was 9.22~dfsg-1. All other good version seem to be created > as security updates, where I cannot find the build logs. Most notable change between 9.22 and 9.24 - and also applied to various degree in security updates - was a security fix affecting interpretation of Postscript code. Yes, it broke existing working code, but (as I understand it) only existing _insecurely_ working code. The change is highly unlikely to get reverted: Instead, reverse dependencies of Ghostscript need to apply fixes to tighten their code to avoid those Postscript routines identified as being insecure and therefore no longer permitted (or if certain that security is ensured in other ways then explicitly disable the safety measures). Please do not reassign these bugs to Ghostscript, even though provable that they are "fixed" by downgrading Ghostscript. The fix needs to be applied at the consumer end. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature