On Wed, Dec 30, 2009 at 01:01:23PM +0100, Moritz Muehlenhoff wrote:
On Sat, Dec 12, 2009 at 10:51:57PM -0500, Michael Gilbert wrote:package: ghostscript severity: serious tags: securityHi,The current Expat issues are not RC for Ghostscript per se, but we should fix this by linking against the system copy of Expat. (If a future issue is found in Expat, which allows code injection we would need to issue a separate DSA for Ghostscript) To achieve this, SHARE_EXPAT needs to be set in base/expat.mak: ---- # Users of this makefile must define the following: # SHARE_EXPAT - 1 to link a system (shared) library # 0 to compile in the referenced source, # EXPAT_CFLAGS - Compiler flags for building the source, # EXPATSRCDIR - the expat source top-level directory, # EXPATGENDIR - directory for intermediate generated files, # EXPATOBJDIR - directory for object files. ----
Thanks for the investigation! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
