Bug#584060: marked as done (python-codespeak-lib: Security bugs in ghostscript)

Tue, 01 Jun 2010 03:24:24 -0700 

Your message dated Tue, 1 Jun 2010 11:23:41 +0100
with message-id <20100601112341.04004...@bobcat.office>
and subject line Re: Bug#584060: python-codespeak-lib: Security bugs in 
ghostscript
has caused the Debian Bug report #584060,
regarding python-codespeak-lib: Security bugs in ghostscript
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584060: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584060
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: python-codespeak-lib
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
Paul Szabo wrote:

> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

Thanks for the bug report. However, I don't think python-codespeak-lib
is vulnerable:

 * It uses -dSAFER to execute ghostscript
 * Filenames are always passed with absolute filenames
 * Files don't include other files

(This only affects the stable version too, which is very very old now
and nobody is using it.)

Thanks again. Please let me know if I'm missing anything.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org
       `-

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to