Package: ghostscript
Version: 8.71~dfsg2-6
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for ghostscript. There are a bunch of upstream patches for this [1]. Marking the bug as serious for now since the issue should be fixed before squeeze's release since it will be very painful to fix after that.

CVE-2010-2055[0]:
| Ghostscript 8.71 and earlier reads initialization files from the
| current working directory, which allows local users to execute
| arbitrary PostScript commands via a Trojan horse file, related to
| improper support for the -P- option to the gs program.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2055
    http://security-tracker.debian.org/tracker/CVE-2010-2055
[1] http://bugs.ghostscript.com/show_bug.cgi?id=691350