[Secure-testing-team] Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"
Paul Szabo
paul.szabo at sydney.edu.au
Thu May 27 00:07:01 UTC 2010
Package: gv
Version: 1:3.6.5-2
Severity: grave
File: /usr/bin/gv
Tags: security
Justification: user security hole
Please see
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://bugs.debian.org/583183
for details: gv should use the -P- switch when invoking gs.
Thanks, Paul
Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages gv depends on:
ii ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii gs-gpl 8.62.dfsg.1-3.2lenny1 Transitional package
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii xaw3dg 1.5+E-17 Xaw3d widget set
gv recommends no packages.
gv suggests no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list