On Sun, May 19, 2019 at 04:28:19PM -0400, Roberto C. Sánchez wrote: > Hi Salvatore, > > On Sun, May 19, 2019 at 10:23:14PM +0200, Salvatore Bonaccorso wrote: > > Hi Roberto > > > > With the update of ghostscript in DLA 1792-1 for ghostscript pdfdict > > is hidden for the fix for CVE-2019-3839. > > > > cups-filters used though this undocumented internal, so with the > > ghostscript update cups-filter will experience a functional > > regression. > > > > In unstable cups-filter was fixed shortly after the 9.27 update, for > > stable we issued a corresponding update for cups-filters following the > > ghostscript update as > > https://lists.debian.org/debian-security-announce/2019/msg00087.html . > > > > Thus I think you will need to issue same update for cups-filters as > > well for jessie to not use pdfdict but rather runpdfbegin. This way > > cups-filters will work both with a fixed and unfixed ghostscript. > > > > Please though double-check. > > > Thanks for letting me know. I will have a look as you suggest. > The cups-filter code is identical in stretch and jessie. The patch added for cups-filter 1.11.6-3+deb9u1 applies with no offset or fuzz. Based on that, I am preparing an update for cups-filter in jessie.
Thanks again for alerting me to this issue so that I can get an update published in a timely fashion. Regards, -Roberto -- Roberto C. Sánchez
