fixed 618530 ghostscript/8.71~dfsg2-6
found 618530 ghostscript/8.71~dfsg2-6.1
found 618530 ghostscript/9.01~dfsg-2
tags 618530 + confirmed
# regression
severity 618530 important
retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator
forcemerge 414002 618530

Hi again,

Ralph Smith wrote:

> Surprisingly, the invalid file access does not occur in any of the versions
> you suggested, but returns when I upgrade to the current version
> (8.71~dfsg2-9).  For each case, I installed ghostscript, libgs8 and
> gs-common debs for the test.

Confirmed: with version 8.71~dfsg2-6.1 running

        man -t ls >ls.1
        echo '( run' | ghostscript -dSAFER

fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if
ghostscript-x is installed, renders the manpage).  This has nothing to do
with OutputFile, piped input, or relative paths --- something[1] has changed
to make innocuous _reads_ break with -dSAFER.

Michael, any hints?


[1] via debian/patches/1010_CVE-2010-2055.patch

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Reply via email to