Re: RFC / Call for testing: ghostscript

2019-01-31 Thread Moritz Mühlenhoff
On Wed, Jan 30, 2019 at 03:02:53PM +0100, Markus Koschany wrote: > The truth is the -dSafer option gives a false sense of security even in > the latest release and we will probably continue to see more of those > issues. Obviously, any deployment which processes documents should use additional

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Markus Koschany
[No need to CC me, I am subscribed] Am 30.01.19 um 14:29 schrieb Moritz Mühlenhoff: > On Wed, Jan 30, 2019 at 01:24:40PM +0100, Markus Koschany wrote: >> Hi, >> >> Am 30.01.19 um 13:07 schrieb Emilio Pozuelo Monfort: >> [...] >>> I would appreciate some testing and/or feedback. >> >> I have done

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Moritz Mühlenhoff
On Wed, Jan 30, 2019 at 01:24:40PM +0100, Markus Koschany wrote: > Hi, > > Am 30.01.19 um 13:07 schrieb Emilio Pozuelo Monfort: > [...] > > I would appreciate some testing and/or feedback. > > I have done most of the backporting work for the previous > vulnerabilities of Ghostscript. I don't

Re: RFC / Call for testing: ghostscript

2019-01-30 Thread Markus Koschany
Hi, Am 30.01.19 um 13:07 schrieb Emilio Pozuelo Monfort: [...] > I would appreciate some testing and/or feedback. I have done most of the backporting work for the previous vulnerabilities of Ghostscript. I don't recommend to backport the stable version to Jessie at the moment but rather to