Bug#592569: ghostscript: Please make -dSAFER the default

2011-01-14 Thread Jonathan Nieder
retitle 592569 gs: ps documents can overwrite arbitrary files unless -dSAFER is used quit Hi Paul, Paul Szabo wrote: > Please make the -dSAFER option the default. > > For discussion, rationale etc please see bugs #583183 and #584663 Thanks for a reminder. I'm retitling this bug to clarify th

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-19 Thread paul . szabo
I am getting distressed: - having now seen DSA2093, which did not fix these issues - looking in http://security-tracker.debian.org/tracker/CVE-2010-2055 + which does not list bug numbers, but says: [lenny] - ghostscript (too risky for regressions) (does that mean no lenny fix is

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-13 Thread Jonas Smedegaard
On Fri, Aug 13, 2010 at 09:10:20AM +1000, Paul Szabo wrote: Dear Jonas, ... highest severities are treated as "RC" ... Which severities are those: grave and critical? ... http://www.debian.org/Bugs/Developer#severities ... Your question seems rhetoric: Answer is explicitly written at above UR

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-12 Thread Paul Szabo
Dear Jonas, >>> ... highest severities are treated as "RC" ... >>Which severities are those: grave and critical? >>... http://www.debian.org/Bugs/Developer#severities ... > Your question seems rhetoric: Answer is explicitly written at above URL. You are right, my mistake. (Not rhetoric, but "look

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-12 Thread Jonas Smedegaard
On Thu, Aug 12, 2010 at 10:07:44PM +1000, paul.sz...@sydney.edu.au wrote: ... Severity tags relate to the package globally, and the highest severities are treated as "RC" ... Which severities are those: grave and critical? Quoting from http://www.debian.org/Bugs/Developer#severities : Your q

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-12 Thread paul . szabo
Dear Jonas, > ... Severity tags relate to the package globally, and the highest > severities are treated as "RC" ... Which severities are those: grave and critical? Quoting from http://www.debian.org/Bugs/Developer#severities : grave ... introduces a security hole allowing access to the a

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-12 Thread Jonas Smedegaard
On Thu, Aug 12, 2010 at 07:30:57AM +1000, paul.sz...@sydney.edu.au wrote: ... there's no need to have it of RC severity ... Is RC same as grave? (I guess yes.) A common mistake is to tag based on personal use. Severity tags relate to the package globally, and the highest severities are trea

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-11 Thread paul . szabo
Dear Moritz, > ... there's no need to have it of RC severity ... Is RC same as grave? (I guess yes.) > ... this behaviour of Ghostscript is well known and documented ... Well known to a few elite. Is badly documented, e.g. the Debian man page mentions only in passing that -dSAFER ... [is] str

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-11 Thread Moritz Muehlenhoff
severity 592569 important thanks On Wed, Aug 11, 2010 at 01:00:49PM +1000, Paul Szabo wrote: > Package: ghostscript > Version: 8.62.dfsg.1-3.2lenny4 > Severity: grave > Tags: security > Justification: user security hole > > > Please make the -dSAFER option the default. > > For discussion, ratio

Bug#592569: ghostscript: Please make -dSAFER the default

2010-08-10 Thread Paul Szabo
Package: ghostscript Version: 8.62.dfsg.1-3.2lenny4 Severity: grave Tags: security Justification: user security hole Please make the -dSAFER option the default. For discussion, rationale etc please see bugs #583183 and #584663, and particularly: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5