On 06/01/2010 03:05 AM, Paul Szabo wrote:
Package: courier-faxmail
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package depends on ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.
The following Ghostscript commands are used by courier-faxmail:
erebus:/usr/lib/courier/faxmail# grep -i gs *
application-pdf.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH
-sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER - <$OUTDIR/.ps
application-postscript.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH
-sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER -
coverpage:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d -dNOPAUSE
-q -dSAFER - <$OUTDIR/.dpost
init:GS=/usr/bin/gs
text-plain.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d
-dNOPAUSE -q -dSAFER - <$OUTDIR/.ps
What kind of fixes do you have in mind?
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
