Dear security team, On 09/07/18 23:23, Moritz Muehlenhoff wrote: > Package : ghostscript > CVE ID : CVE-2018-15908 CVE-2018-15910 CVE-2018-15911 > CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 > CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 > CVE-2018-16543 CVE-2018-16585
The latest upload of ghostscript to unstable, which as far as I know only tried to fix some of these CVE's, caused the autopkgtest of multiple packages to start timing out (bug 907493). Were you aware of that and have you done any testing to verify that this isn't an issue for the stable upload? If so, that would be an interesting data point for the bug. If not, you may be facing the same regression in stretch. I have the wild hunch that this is related to the openssl upstream bump in unstable, but nobody has verified that yet. If stretch is no not seeing this regression that would mean there may also be a path to fix testing/buster until we figure out what needs fixing in ghostscript. Paul
signature.asc
Description: OpenPGP digital signature