[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#584052: kdelibs4c2a: Security bugs in ghostscript

On Tuesday 01 June 2010 03:29:46 Paul Szabo wrote:
> Package: kdelibs4c2a
> Version: 4:3.5.10.dfsg.1-0lenny4
> Severity: grave
> Tags: security
> Justification: user security hole
> Please note remote execute-any-code security bugs in ghostscript:
>   http://bugs.debian.org/583183
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.


This sounds like it is ghostscript that should be fixed, rather than anything 
that use it.

gs --please-be-secure  should not be something that you have to turn on on 
each usage.

What's the good reason to fix in all apps rather than just making gs --please-
be-secure the default ?

(And I don't consider 'ghostscript upstream being idiots' a good reason)

How can I save a OpenGL provider of a pointer?

You neither should remove the hard disk, nor need to debug the GUI.

Reply to: