Bug#584050: marked as done (impose+: Security bugs in ghostscript)

Debian Bug Tracking System Mon, 31 May 2010 19:24:18 -0700

Your message dated Mon, 31 May 2010 22:20:12 -0400
with message-id <20100601022012.gc12...@onerussian.com>
and subject line Re: Bug#584050: impose+: Security bugs in ghostscript
has caused the Debian Bug report #584050,
regarding impose+: Security bugs in ghostscript
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584050
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: impose+
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

bboxx (which is the one to use gs) seems to be not effected directly:

$> dpkg -L impose+ | xargs grep -l gs
/usr/bin/bboxx
$> strace -omylog bboxx spica12.ps   
    Page:   llx   lly   urx   ury
       1    133   302   477   684
       2    133   139   478   717
       3    133   139   478   714
       4    133   138   478   715
       5    133   139   477   635
       6    133   138   478   717
       7    133   138   478   715
       8    132   138   478   715
       9    133   138   478   718
      10    133   138   478   714
      11    133   138   478   718
      12    133   139   478   718
      13    133   139   478   714
      14    133   138   477   709
      15    133   139   478   716
      16    133   138   478   717
      17    133   138   478   715
      18    133   138   478   715
Document:   132   138   478   718
$> grep '"\./' mylog | sort -u       
$> grep 'Encoding' mylog | sort -u 

On Tue, 01 Jun 2010, Paul Szabo wrote:
> Please note remote execute-any-code security bugs in ghostscript:

>   http://bugs.debian.org/583183

> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

> Thanks,
-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

signature.asc
Description: Digital signature

--- End Message ---

Bug#584050: marked as done (impose+: Security bugs in ghostscript)

Reply via email to