Bug#584047: marked as done (grace: Security bugs in ghostscript)

Debian Bug Tracking System Mon, 31 May 2010 19:06:18 -0700

Your message dated Mon, 31 May 2010 18:57:19 -0700
with message-id <20100601015718.ga30...@ofb.net>
and subject line Re: Bug#584047: grace: Security bugs in ghostscript
has caused the Debian Bug report #584047,
regarding grace: Security bugs in ghostscript
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584047: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584047
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: grace
Severity: grave
Tags: security
Justification: user security hole


Subject: Security bugs in ghostscript

Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages grace depends on:
pn  fftw2 | fftw2 <none>                     (no description available)
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
pn  lesstif1      <none>                     (no description available)
ii  libc6         2.7-18lenny2               GNU C Library: Shared libraries
ii  libjpeg62     6b-14                      The Independent JPEG Group's JPEG 
pn  libpng2       <none>                     (no description available)
pn  libtiff3g     <none>                     (no description available)
pn  netcdfg3      <none>                     (no description available)
pn  t1lib1        <none>                     (no description available)
pn  xlibs         <none>                     (no description available)
pn  xmhtml1       <none>                     (no description available)
ii  zlib1g        1:1.2.3.3.dfsg-12          compression library - runtime

grace recommends no packages.

grace suggests no packages.

--- End Message ---

--- Begin Message ---

On Tue, Jun 01, 2010 at 11:27:42AM +1000, Paul Szabo wrote:
> Package: grace
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> Subject: Security bugs in ghostscript
> 
> Please note remote execute-any-code security bugs in ghostscript:
> 
>   http://bugs.debian.org/583183
> 
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

Er, I don't see how a bug in ghostscript merits a grave bug on a package that
might use it.  Any fix would take place only in the ghostscript package,
presumably?

Regardless, grace does not directly call /usr/bin/gs, it's just suggested as a
useful tool for certain tasks in the documentation.  Please don't mass file
bugs unless they really *are* bugs!

-- 
Nicholas Breen
nbr...@ofb.net

--- End Message ---

Bug#584047: marked as done (grace: Security bugs in ghostscript)

Reply via email to