Am Sonntag, den 02.09.2018, 12:59 +0200 schrieb Pavel Sanda: > After the recent discovery of ghoscript vulnerabilities distributions > seem to > actually follow suggestion of the security researcher who announced > them > and broadly ban any conversions from ps/eps/pdf/xps in imagemagick no > matter > the consequences. I don't need to stress on this list what it means > for > LyX -- just from todays update of my distro I'm not capable to view > most > of my documents by default... > > Unfortuntaly there is very little we can directly for 2.3.1. > We should at least signalize in announcement for distro maintainers > that this *is* > issue and perhaps add some hint how to allow users to locally enable > things > in policy.xml so they can continue their work. > > In longer-term -- if this ban continues -- we might try to ask Qt to > do the > conversions instead of imagemagick, but that's is definitely not for > 2.3.1.
The vulnerabilities have been resolved, so it seem to be a medium-term problem: https://artifex.com/news/ghostscript-security-resolved/ Jürgen > > Other ideas? > > Pavel > > https://www.bleepingcomputer.com/news/security/no-patch-available-yet-for-new-major-vulnerability-in-ghostscript-interpreter/ >
signature.asc
Description: This is a digitally signed message part