On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote: > On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote: > > On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote: > > > > > > Salvatore mentioned that the same bug occurs when unstable has the > > > security > > > patches merged (which hasn't happened so far :-/), so this needs to be > > > reported > > > upstream. > > > > > Would that be to ghostscript upstream? I guess that with seeing the > > evince problem in Jessie with both ghostscript 9.06~dfsg-2+deb8u2 and > > 9.06~dfsg-2+deb8u3 I wasn't certain that the fault is completely with > > ghostscript. > > I haven't debugged this myself, but my guess is that libspectre relies/relied > on the insecure ghostscript behaviour which got patches with the security > fixes... > OK. That makes sense. Thanks for clarifying.
Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
