On Tue, Oct 09, 2018 at 10:46:04PM +0100, Ken Moffat via blfs-support wrote:
>
> For gs-9.25, apply the ghostscript-9.25-security_fixes-1.patch which
> is in lfs patches, and should be directly linked from the book when
> it is next rendered.
>
Patch now updated to -2, there were further vulnerabilities found
about a week later. This was messy (Artifex's master git is only
accessible from a web interface, picking out sufficient patches to
be able to apply the needed ones was very error-prone), and I lacked
an exploit. I've now been given one, and to my shock it came as a
PDF - I thought this was only for .ps files.
So, now fixed (patch is in patches/, will be picked up when the book
is next rendered). Please update if you use ghostscript, particularly
if you install the shared lib. Thanks.
ĸen
--
Is it about a bicycle ?
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
