Bug#584044: marked as done (dblatex: Security bugs in ghostscript)

Debian Bug Tracking System Thu, 03 Jun 2010 01:15:24 -0700

Your message dated Thu, 03 Jun 2010 10:06:28 +0200
with message-id <18942.1275552...@manetheren.home>
and subject line Re: Bug#584044: dblatex: Security bugs in ghostscript
has caused the Debian Bug report #584044,
regarding dblatex: Security bugs in ghostscript
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584044
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: dblatex
Severity: grave
Tags: security
Justification: user security hole


Subject: Security bugs in ghostscript

Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

Paul Szabo <paul.sz...@sydney.edu.au> wrote:

> Package: dblatex
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> Subject: Security bugs in ghostscript
>
> Please note remote execute-any-code security bugs in ghostscript:
>
>   http://bugs.debian.org/583183
>
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

Thanks for the warning.  However dblatex is not affected:

dblatex doesn't call gs directly, but calls epstopdf (package
texlive-font-utils) which internally calls gs.

Thus closing the report.

BTW, I support messages #66¹ and #79² of the original report #583183³:
The security hole really should be fixed centrally, it's almost
impossible to identify all callers.

¹ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183#66
² http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183#79
³ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183

Regards, Andreas Hoenen
-- 
Andreas Hoenen <andr...@hoenen-terstappen.de>
GPG: 1024D/B888D2CE
     A4A6 E8B5 593A E89B 496B
     82F0 728D 8B7E B888 D2CE

pgpmCLsHZUXC3.pgp
Description: PGP signature

--- End Message ---

Bug#584044: marked as done (dblatex: Security bugs in ghostscript)

Reply via email to