Bug#583316: marked as done (/usr/bin/gv: Insecure gs workaround "gs -P-")

Thu, 03 Jun 2010 10:06:22 -0700 

Your message dated Thu, 03 Jun 2010 17:03:25 +0000
with message-id <e1okdpf-0007te...@ries.debian.org>
and subject line Bug#583316: fixed in gv 1:3.6.91-1
has caused the Debian Bug report #583316,
regarding /usr/bin/gv: Insecure gs workaround "gs -P-"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
583316: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gv
Version: 1:3.6.5-2
Severity: grave
File: /usr/bin/gv
Tags: security
Justification: user security hole


Please see
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
  http://bugs.debian.org/583183
for details: gv should use the -P- switch when invoking gs.

Thanks, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gv depends on:
ii  ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii  gs-gpl             8.62.dfsg.1-3.2lenny1 Transitional package
ii  libc6              2.7-18lenny2          GNU C Library: Shared libraries
ii  libx11-6           2:1.1.5-2             X11 client-side library
ii  libxmu6            2:1.0.4-1             X11 miscellaneous utility library
ii  libxt6             1:1.0.5-3             X11 toolkit intrinsics library
ii  xaw3dg             1.5+E-17              Xaw3d widget set

gv recommends no packages.

gv suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: gv
Source-Version: 1:3.6.91-1

We believe that the bug you reported is fixed in the latest version of
gv, which is due to be installed in the Debian FTP archive:

gv_3.6.91-1.debian.tar.gz
  to main/g/gv/gv_3.6.91-1.debian.tar.gz
gv_3.6.91-1.dsc
  to main/g/gv/gv_3.6.91-1.dsc
gv_3.6.91-1_sparc.deb
  to main/g/gv/gv_3.6.91-1_sparc.deb
gv_3.6.91.orig.tar.gz
  to main/g/gv/gv_3.6.91.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 583...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard R. Link <brl...@debian.org> (supplier of updated gv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 03 Jun 2010 13:27:24 +0200
Source: gv
Binary: gv
Architecture: source sparc
Version: 1:3.6.91-1
Distribution: unstable
Urgency: medium
Maintainer: Bernhard R. Link <brl...@debian.org>
Changed-By: Bernhard R. Link <brl...@debian.org>
Description: 
 gv         - PostScript and PDF viewer for X
Closes: 583316
Changes: 
 gv (1:3.6.91-1) unstable; urgency=medium
 .
   * new upstream prerelease
   - targeted to unstable as it fixes security bugs:
   - run gs by default in safe directories (Closes: 583316)
   * build-depend on autotools-dev and do the config.{guess,sub}
     dance, as usage of more gnulib now needs those files again.
   * work around Makefile not creating directories recursively by
     creating /usr/share/gv before calling make install
Checksums-Sha1: 
 773c3ee7bbe9d5f2eaf22c7cfea2bdd6bd3e82fd 1294 gv_3.6.91-1.dsc
 f6868b482e1a153550412ddc18418846fc51d28d 746920 gv_3.6.91.orig.tar.gz
 7cda3ca7648ea8b04533f0595c2816a2ee3b3a0b 15371 gv_3.6.91-1.debian.tar.gz
 4ef7f01262b6a80582997df2a66a8f5f573f54de 228360 gv_3.6.91-1_sparc.deb
Checksums-Sha256: 
 01b5e7e754432dff94b650de052cb4135bdcb891d22e5913419ca0f7ed9ee946 1294 
gv_3.6.91-1.dsc
 f8fc478e78d4547f21278212ca502f1060a4b0451b99b1371e7a2bebe807e318 746920 
gv_3.6.91.orig.tar.gz
 a5de345b6684147e242bcf634ef520d8bb63a07a2cadefac95a8e2da68dc2d67 15371 
gv_3.6.91-1.debian.tar.gz
 ac106b314dd01eedd33eecad53d3ac4ef64d28a208e398d5476f2fa64e34e2c3 228360 
gv_3.6.91-1_sparc.deb
Files: 
 60d3c72cdcbf096293280dbee897682e 1294 text optional gv_3.6.91-1.dsc
 06fba27b92ff3bfdb72d478da833aba0 746920 text optional gv_3.6.91.orig.tar.gz
 c9370b580eaa3e0661e81ab3ffbacb33 15371 text optional gv_3.6.91-1.debian.tar.gz
 299f4eca0c8d728217ff14e13af561fb 228360 text optional gv_3.6.91-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iJwEAQECAAYFAkwH3mgACgkQWzIpWA8dktrfTAP/UyAtaqyPsFhxt6uY4v0V4sPA
DN1L0RtmV5faA02o/BUqgU4+1jDkwxrpDP1KrlgGQRCk6lonviYLQw4yXMtWCpMC
JYpF/jHKiX+C15YLEoLnhvjSTzMJPX083Oe9U/3QUGyB0HQej2lz5vA64NRN2OGa
vV05p+z6AsfDv9OuWJU=
=JQdW
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to