On Wed, 29 Aug 2018, Michal Nowak wrote:
On 08/22/18 08:52 PM, Udo Grabowski (IMK) wrote:
These security bugs are really bad ("works" on Openindiana):
<https://bugs.chromium.org/p/project-zero/issues/detail?id=1640>
<https://www.kb.cert.org/vuls/id/332928>
It's a week since patches were published
(https://artifex.com/news/ghostscript-security-resolved/) and no major
distribution fixed it. Anyone knows why? Are there problems with those
patches? Or the problem not that severe after all?
The patches are against the development code base targeting the next
Ghostscript release. The patches are presumably offered under the
AGPL license.
It is not uncommon for older Ghostscript versions to be distributed,
particularly given that the GNU Affero General Public License (AGPL)
is not compatible with some common usage models due to adding
additional obligations. Artifex wants to encourage commercial
licensing of their software. See https://artifex.com/licensing/.
Bob
--
Bob Friesenhahn
[email protected], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
_______________________________________________
openindiana-discuss mailing list
[email protected]
https://openindiana.org/mailman/listinfo/openindiana-discuss
