On Wed, 5 Sep 2018 11:44:23 +0200 Moritz Mühlenhoff <j...@inutil.org> wrote:
> Moritz Mühlenhoff <j...@inutil.org> schrieb: > > There's a number of vulnerabilities found in Ghostscript by Tavis > > Ormandy. His research is still ongoing with new issues being found, > > but I've created an interim update which addresses most of the recent > > issues he found. It works fine in my tests, but my use case is > > fairly limited (printing via a local inkjet printer), so I need some > > additional external testing before this can be released. Packages > > are at https://people.debian.org/~jmm/gs/, please reply directly > > to me both for positive and negative test feedback. > > This received zero test feedback so far. If noone is using Ghostscript > besides me, I probably don't need to release this via security.debian.org > to begin with... Okay, I just tried it. I installed: ghostscript_9.20~dfsg-3.2+deb9u3_amd64.deb libgs9_9.20~dfsg-3.2+deb9u3_amd64.deb libgs9-common_9.20~dfsg-3.2+deb9u3_all.deb onto a Sid system (dpkg warned that it was downgrading all three from 9.22~dfsg-3), and printed a test page from the CUPS admin web interface. The page looks good, although the printer printed three copies - not sure if that's something I asked for by mistake, some misconfiguration on my part (although I've printed many test pages before without this problem), or an actual problem with gs. This is a Brother HL2280DW, printing via local network, using Brother's proprietary drivers. Celejar