Dear Moritz,

> ... there's no need to have it of RC severity ...

Is RC same as grave? (I guess yes.)

> ... this behaviour of Ghostscript is well known and documented ...

Well known to a few elite. Is badly documented, e.g. the Debian man page
mentions only in passing that
  -dSAFER ... [is] strongly recommended for spoolers ...
However known or documented, still an "innocent" use of
  gs myfile.ps
is unsafe.

> ... fixing this is a planned enhancement for Squeeze+1 ...

Is that within our lifetimes?

> ... not a current pressing issue affecting the release of Squeeze.

It is current and pressing. Maybe will not affect releases: Debian has
been "known insecure" for always...

Dirty politics. (I seem now to understand that Debian will not release
with outstanding "grave" bugs: that is why they are all "squashed" just
in time, whether by actual fix or artifice like #583183.)

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


