Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER

2016-10-12 Thread Salvatore Bonaccorso
Control: severity -1 serious

Rationale for severity increase: We ship DSA-3691-1 in jessie
containing the fix, and not having the security fix in stretch then
would be a regression.

Regards,
Salvatore



Processed: Re: Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER

2016-10-12 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 serious
Bug #839118 [ghostscript] ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER
Severity set to 'serious' from 'normal'

-- 
839118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER

2016-09-28 Thread Florian Weimer
Package: ghostscript
Version: 9.06~dfsg-2+deb8u1
Tags: security

This issue is now public, but was apparently never properly announced:

  
  http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
  http://bugs.ghostscript.com/show_bug.cgi?id=694724

Reproducer:

%!PS
(HOME) getenv { print (\n) print } { (variable not found\n) print } ifelse