tags 560930 pending thanks On Tue, Feb 23, 2010 at 10:01:29PM +0100, Moritz Muehlenhoff wrote:
On Wed, Dec 30, 2009 at 01:35:08PM +0100, Jonas Smedegaard wrote:On Wed, Dec 30, 2009 at 01:01:23PM +0100, Moritz Muehlenhoff wrote: >On Sat, Dec 12, 2009 at 10:51:57PM -0500, Michael Gilbert wrote: >>package: ghostscript >>severity: serious >>tags: security >> >>Hi, > >The current Expat issues are not RC for Ghostscript per se, but >we should fix this by linking against the system copy of Expat. >(If a future issue is found in Expat, which allows code injection >we would need to issue a separate DSA for Ghostscript) > >To achieve this, SHARE_EXPAT needs to be set in base/expat.mak: > >---- ># Users of this makefile must define the following: ># SHARE_EXPAT - 1 to link a system (shared) library ># 0 to compile in the referenced source, ># EXPAT_CFLAGS - Compiler flags for building the source, ># EXPATSRCDIR - the expat source top-level directory, ># EXPATGENDIR - directory for intermediate generated files, ># EXPATOBJDIR - directory for object files. >----Thanks for the investigation!I noticed you omitted that change in your recent ghostscript. Is there are technical problem? If so, I can provide patches to fix these issues in the local Expat copy.
No other explanation than simple neglect. I am preparing a new upload now with this change.
Thanks for watching over me! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
