Your message dated Mon, 31 May 2010 21:45:14 -0400
with message-id <aanlktikd4dcv9czzi2knlfewduqj9cpqcx8k0fm60...@mail.gmail.com>
and subject line Re: Bug#584020: lsb-printing: Security bugs in ghostscript
has caused the Debian Bug report #584020,
regarding lsb-printing: Security bugs in ghostscript
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
584020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584020
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lsb-printing
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package depends on ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.
Thanks,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
lsb-printing does not directly call Ghostscript; it is merely a
dependency package to assure Ghostscript is available on the system.
Individual LSB packages using Ghostscript would be responsible for any
security implications of processing untrusted PostScript code.
Accordingly I am closing this report. I would also suggest that
reports in this vein (for packages that actually call Ghostscript
directly with untrusted PostScript code) specify that #583183 is a
blocking bug for the report, for better tracking of this issue across
Debian.
Chris
On Mon, May 31, 2010 at 9:13 PM, Paul Szabo <paul.sz...@sydney.edu.au> wrote:
> Package: lsb-printing
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> Please note remote execute-any-code security bugs in ghostscript:
>
> http://bugs.debian.org/583183
>
> This package depends on ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.
>
> Thanks,
>
> Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics University of Sydney Australia
>
>
> -- System Information:
> Debian Release: 5.0.4
> APT prefers stable
> APT policy: (500, 'stable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/bash
>
>
>
--
Christopher N. Lawrence, Ph.D. <c.n.lawre...@gmail.com>
Assistant Professor of Political Science
Texas A&M International University
313 LBVSC, 5201 University Blvd
Laredo, Texas 78041-1920
Website: http://www.cnlawrence.com/
--- End Message ---
