OK, so as far as I understand, we'd better pass '-dSAFER -P-' to 'ps2pdf' (which is AFAICS the only ghostscript script that's used in page-crunch).
David, what do you think? - Sylvain On Tue, Jun 01, 2010 at 11:14:06AM +1000, Paul Szabo wrote: > Package: page-crunch > Severity: grave > Tags: security > Justification: user security hole > > > Please note remote execute-any-code security bugs in ghostscript: > > http://bugs.debian.org/583183 > > This package depends on ghostscript, and may be affected. Please > evaluate the security of this package, and fix if needed. > > Thanks, > > Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > > > -- System Information: > Debian Release: 5.0.4 > APT prefers stable > APT policy: (500, 'stable') > Architecture: i386 (i686) > > Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores) > Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) > Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
