On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> >
> > Salvatore mentioned that the same bug occurs when unstable has the security
> > patches merged (which hasn't happened so far :-/), so this needs to be
> > reported
> > upstream.
> >
> Would that be to ghostscript upstream? I guess that with seeing the
> evince problem in Jessie with both ghostscript 9.06~dfsg-2+deb8u2 and
> 9.06~dfsg-2+deb8u3 I wasn't certain that the fault is completely with
> ghostscript.
I haven't debugged this myself, but my guess is that libspectre relies/relied
on the insecure ghostscript behaviour which got patches with the security
fixes...
Cheers,
Moritz
