Package: gimp
Version: 2.4.7-1
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package suggests ghostscript, and may be affected. Please
evaluate the security of this
On 05/31/2010 09:37 PM, Paul Szabo wrote:
This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.
What do you suggest I fix? gimp already calls gs with -dSAFER.
--
To UNSUBSCRIBE, email to
Dear Ari,
Seems that you need to call gs with -P- also; and ensure any files
(to read) passed as command-line arguments are full pathnames.
Pre-creating an empty directory and running gs there, as gv
http://bugs.debian.org/583316
intends to do, might help.
Cheers, Paul
Paul Szabo
3 matches
Mail list logo
