Your message dated Thu, 10 Jun 2010 12:47:32 +0000
with message-id <e1omhas-0002xt...@ries.debian.org>
and subject line Bug#583634: fixed in libspectre 0.2.6-1
has caused the Debian Bug report #583634,
regarding evince: Insecure ghostscript invocation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
583634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: evince
Version: 2.22.2-4~lenny1
Severity: grave
Tags: security
Justification: user security hole
Please see
http://bugs.debian.org/583183
for details: evince seems to use ghostscript in an insecure way
when viewing PS files.
Cheers,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages evince depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii gnome-icon-theme 2.22.0-1 GNOME Desktop icon theme
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.22.0-1 The Bonobo UI library
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.1-5+lenny1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libdjvulibre21 3.5.20-8+lenny1 Runtime support for the DjVu image
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.6-3 The GLib library of C routines
ii libgnome-keyring0 2.22.3-2 GNOME keyring services library
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-2 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-5 GNOME Virtual File System (runtime
ii libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libkpathsea4 2007.dfsg.2-4+lenny2 TeX Live: path search library for
ii libnautilus-extensi 2.20.0-7 libraries for nautilus components
ii liborbit2 1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.20.5-5+lenny1 Layout and rendering of internatio
ii libpoppler-glib3 0.8.7-3 PDF rendering library (GLib-based
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libspectre1 0.2.0.ds-1 Library for rendering Postscript d
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libtiff4 3.8.2-11.2 Tag Image File Format (TIFF) libra
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxml2 2.6.32.dfsg-5+lenny1 GNOME XML library
ii shared-mime-info 0.30-2 FreeDesktop.org shared MIME databa
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages evince recommends:
ii dbus-x11 1.2.1-5+lenny1 simple interprocess messaging syst
Versions of packages evince suggests:
pn poppler-data <none> (no description available)
ii unrar 1:3.8.2-1 Unarchiver for .rar files (non-fre
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libspectre
Source-Version: 0.2.6-1
We believe that the bug you reported is fixed in the latest version of
libspectre, which is due to be installed in the Debian FTP archive:
libspectre-dev_0.2.6-1_amd64.deb
to main/libs/libspectre/libspectre-dev_0.2.6-1_amd64.deb
libspectre1-dbg_0.2.6-1_amd64.deb
to main/libs/libspectre/libspectre1-dbg_0.2.6-1_amd64.deb
libspectre1_0.2.6-1_amd64.deb
to main/libs/libspectre/libspectre1_0.2.6-1_amd64.deb
libspectre_0.2.6-1.diff.gz
to main/libs/libspectre/libspectre_0.2.6-1.diff.gz
libspectre_0.2.6-1.dsc
to main/libs/libspectre/libspectre_0.2.6-1.dsc
libspectre_0.2.6.orig.tar.gz
to main/libs/libspectre/libspectre_0.2.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 583...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Debian Krap Maintainers <debian-qt-...@lists.debian.org> (supplier of updated
libspectre package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Jun 2010 14:34:08 +0200
Source: libspectre
Binary: libspectre1 libspectre1-dbg libspectre-dev
Architecture: source amd64
Version: 0.2.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Krap Maintainers <debian-qt-...@lists.debian.org>
Changed-By: Debian Krap Maintainers <debian-qt-...@lists.debian.org>
Description:
libspectre-dev - Library for rendering PostScript documents - development files
libspectre1 - Library for rendering PostScript documents
libspectre1-dbg - Debugging symbols for libspectre
Closes: 583634
Changes:
libspectre (0.2.6-1) unstable; urgency=low
.
[ Pino Toscano ]
* New upstream release:
+ calls ghostscript in a more secure way. (Closes: #583634)
* Set the source format to 1.0, for the moment.
* Add "DM-Upload-Allowed: yes" in control.
Checksums-Sha1:
83d7479bb2a7c7432e370fe1f9314bd783b812a6 1261 libspectre_0.2.6-1.dsc
819475c7e34a1e9bc2e876110fee530b42aecabd 358088 libspectre_0.2.6.orig.tar.gz
819e07a7031538c62989c373a9c883b51127aa00 3247 libspectre_0.2.6-1.diff.gz
f2cef64dd19d0f6c599d74c4017ff223900cbc1f 48936 libspectre1_0.2.6-1_amd64.deb
896be88edc4fdd1084f9352413a9e4c49609998e 57356
libspectre1-dbg_0.2.6-1_amd64.deb
799e8eafb5467a91823d9ec3605df364e2a3003e 52658 libspectre-dev_0.2.6-1_amd64.deb
Checksums-Sha256:
9c1574e3347995cd8d595f252ab34639310313c4f6980457be312fd4f9a0d5eb 1261
libspectre_0.2.6-1.dsc
2f637c62322c8040514284c00f63a5c310a28801e7dcfbe2ba2791be4fac0dd3 358088
libspectre_0.2.6.orig.tar.gz
7e6fb605ce7a11a04ffbf74e40bec113e595428038e9c6d377a7ca78ca8f1e53 3247
libspectre_0.2.6-1.diff.gz
d5304c05236c269f7e7a1aa02098e61af3f9a2d1f78fbfddee76c87508a96306 48936
libspectre1_0.2.6-1_amd64.deb
77190b613eaa5d0db0f68599b9a5489b3e7f07ae8ffe77589ad381bcfc394e15 57356
libspectre1-dbg_0.2.6-1_amd64.deb
62b9f55c42b4e446f17d399f7ae195bf9d984a3fb4582029706e9451278c2edc 52658
libspectre-dev_0.2.6-1_amd64.deb
Files:
6c310a00be0c6c6b320436d6ec61a132 1261 libs optional libspectre_0.2.6-1.dsc
5c6db35f2097c3a04c48c7f435d4b507 358088 libs optional
libspectre_0.2.6.orig.tar.gz
a2049a623d99d3548404c50e2111f54a 3247 libs optional libspectre_0.2.6-1.diff.gz
25f636c54e7c5353bd78b8d79f1ec5e5 48936 libs optional
libspectre1_0.2.6-1_amd64.deb
3e6aaa66edce4da91cc7fad01f61f34e 57356 debug extra
libspectre1-dbg_0.2.6-1_amd64.deb
a3f6d14b11b6663a7fd6bca24127cb87 52658 libdevel optional
libspectre-dev_0.2.6-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Signed by Ana Guerrero
iEYEARECAAYFAkwQ3aQACgkQn3j4POjENGGwQACeIHTgGYEhN1WyidF9yulil/tw
FyEAn3e1jp+gBkYkBHHVX7BUkrOtRTyK
=2KlY
-----END PGP SIGNATURE-----
--- End Message ---
