Jonathan Nieder
Sun, 20 Mar 2011 03:33:20 -0700
fixed 618530 ghostscript/8.71~dfsg2-6
found 618530 ghostscript/8.71~dfsg2-6.1
found 618530 ghostscript/9.01~dfsg-2
tags 618530 + confirmed
# regression
severity 618530 important
retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator
forcemerge 414002 618530
quit
Hi again,
Ralph Smith wrote:
> Surprisingly, the invalid file access does not occur in any of the versions
> you suggested, but returns when I upgrade to the current version
> (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and
> gs-common debs for the test.
Confirmed: with version 8.71~dfsg2-6.1 running
	man -t ls >ls.1
	echo '(ls.ps) run' | ghostscript -dSAFER
fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if
ghostscript-x is installed, renders the manpage). This has nothing to do
with OutputFile, piped input, or relative paths --- something[1] has changed
to make innocuous _reads_ break with -dSAFER.
Michael, any hints?
Jonathan
[1] via debian/patches/1010_CVE-2010-2055.patch
Archive: http://lists.debian.org/20110320103051.GA15794@elie