fixed 618530 ghostscript/8.71~dfsg2-6 found 618530 ghostscript/8.71~dfsg2-6.1 found 618530 ghostscript/9.01~dfsg-2 tags 618530 + confirmed # regression severity 618530 important retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator forcemerge 414002 618530 quit
Hi again, Ralph Smith wrote: > Surprisingly, the invalid file access does not occur in any of the versions > you suggested, but returns when I upgrade to the current version > (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and > gs-common debs for the test. Confirmed: with version 8.71~dfsg2-6.1 running man -t ls >ls.1 echo '(ls.ps) run' | ghostscript -dSAFER fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if ghostscript-x is installed, renders the manpage). This has nothing to do with OutputFile, piped input, or relative paths --- something[1] has changed to make innocuous _reads_ break with -dSAFER. Michael, any hints? Jonathan [1] via debian/patches/1010_CVE-2010-2055.patch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org