Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-03 Thread Frank Küster
Romain Beauxis wrote: > On Tuesday 1 June 2010 12:12:23, Romain Beauxis wrote: >> I am not closing but downgrading for mediawiki, unless you prove that there >> is a real security issue. > > Ok, I have looked at the source code. We use dvips to generate the postscript > file. > > Does the iss

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread Romain Beauxis
On Tuesday 1 June 2010 12:12:23, Romain Beauxis wrote: > I am not closing but downgrading for mediawiki, unless you prove that there > is a real security issue. Ok, I have looked at the source code. We use dvips to generate the postscript file. Does the issue happen for dvips? Romain -- T

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread brian m. carlson
On Tue, Jun 01, 2010 at 06:32:56PM +0200, Vincent Danjean wrote: > Perhaps, gs should have these options enabled by default (and provide other > options to disable them if needed) instead of requiring to modify all > programs. It would secure home-made scripts, too. I agree. I've found (and repor

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread Romain Beauxis
severity 584021 normal thanks On Tuesday 1 June 2010 06:17:23, paul.sz...@sydney.edu.au wrote: > > I agree on all points of [Roland Stigge] ... > > Please read my reply to him. Well, I still fail to see why you need to file RC bugs everywhere. If your rationale for filing bugs against all pack

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread Vincent Danjean
On 01/06/2010 13:10, paul.sz...@sydney.edu.au wrote: >> (4) Please state clearly what's wrong with the package (hyperlatex in >> this case). From the other bug reports I deduce that gs calls should be >> extended with "-P- -dSAFER". This should be done in the hyperlatex >> source package in bin/ps2

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Vincent, > I agree on all points of [Roland Stigge] ... Please read my reply to him. > I'm closing the bug for latex-make unless you come back with facts (or > that discussion on d-d agrees that all package using gs must be changed). Yes, all users of gs must use the two options -P- and -

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread paul . szabo
Dear Roland, > (1) If ghostscript has a bug, maybe it should be fixed there instead of > in all gs dependent packages? Yes, but gs says "cannot fix" and "please use -P-". > (2) Mass bug filing (esp. RC/security) is generally not a great idea, > especially if > (3) You haven't checked the individ

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread Vincent Danjean
Hi, On 01/06/2010 10:31, Roland Stigge wrote: > Hi, > > On 06/01/2010 03:10 AM, Paul Szabo wrote: >> This package depends on ghostscript, and may be affected. Please >> evaluate the security of this package, and fix if needed. > > There are several issues with this bug: > > (1) If ghostscript ha

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

2010-06-01 Thread Roland Stigge
Hi, On 06/01/2010 03:10 AM, Paul Szabo wrote: > This package depends on ghostscript, and may be affected. Please > evaluate the security of this package, and fix if needed. There are several issues with this bug: (1) If ghostscript has a bug, maybe it should be fixed there instead of in all gs d