Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER
Control: severity -1 serious Rationale for severity increase: We ship DSA-3691-1 in jessie containing the fix, and not having the security fix in stretch then would be a regression. Regards, Salvatore
Processed: Re: Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER
Processing control commands: > severity -1 serious Bug #839118 [ghostscript] ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER Severity set to 'serious' from 'normal' -- 839118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839118 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#839118: ghostscript: CVE-2013-5653: getenv and filenameforall ignore -dSAFER
Package: ghostscript Version: 9.06~dfsg-2+deb8u1 Tags: security This issue is now public, but was apparently never properly announced: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 http://bugs.ghostscript.com/show_bug.cgi?id=694724 Reproducer: %!PS (HOME) getenv { print (\n) print } { (variable not found\n) print } ifelse