Re: RFC / Call for testing: ghostscript

2019-01-31 Thread Moritz Mühlenhoff
On Wed, Jan 30, 2019 at 03:02:53PM +0100, Markus Koschany wrote:
> The truth is the -dSafer option gives a false sense of security even in
> the latest release and we will probably continue to see more of those
> issues.

Obviously, any deployment which processes documents should use additional

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Markus Koschany
[No need to CC me, I am subscribed]

On 30.01.19 at 14:29, Moritz Mühlenhoff wrote:
> On Wed, Jan 30, 2019 at 01:24:40PM +0100, Markus Koschany wrote:
>> Hi,
>>
>> On 30.01.19 at 13:07, Emilio Pozuelo Monfort wrote:
>> [...]
>>> I would appreciate some testing and/or feedback.
>>
>> I have done

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Moritz Mühlenhoff
On Wed, Jan 30, 2019 at 01:24:40PM +0100, Markus Koschany wrote:
> Hi,
>
> On 30.01.19 at 13:07, Emilio Pozuelo Monfort wrote:
> [...]
> > I would appreciate some testing and/or feedback.
>
> I have done most of the backporting work for the previous
> vulnerabilities of Ghostscript. I don't

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Markus Koschany
Hi,

On 30.01.19 at 13:07, Emilio Pozuelo Monfort wrote:
[...]
> I would appreciate some testing and/or feedback.

I have done most of the backporting work for the previous vulnerabilities of Ghostscript. I don't recommend to backport the stable version to Jessie at the moment but rather to

RFC / Call for testing: ghostscript

2019-01-30 Thread Emilio Pozuelo Monfort
Hi,

There is a vulnerability in ghostscript that allows maliciously crafted files to bypass the sandbox and execute arbitrary code:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1729

I would be wary of backporting the fix to our old version of ghostscript as the code has changed