Bug#584064: marked as done (texlive-base-bin: Security bugs in ghostscript)
Your message dated Tue, 1 Jun 2010 11:03:07 +0900
with message-id <20100601020307.GF1855@gamma.logic.tuwien.ac.at>
and subject line Re: Bug#584064: texlive-base-bin: Security bugs in ghostscript
has caused the Debian Bug report #584064,
regarding texlive-base-bin: Security bugs in ghostscript
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
584064: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584064
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: texlive-base-bin
Version: 2007.dfsg.2-4+lenny2
Severity: grave
Tags: security
Justification: user security hole
Please note remote execute-any-code security bugs in ghostscript:
http://bugs.debian.org/583183
This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.
Thanks,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages texlive-base-bin depends on:
ii ed 0.7-3 The classic unix line editor
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libkpathsea4 2007.dfsg.2-4+lenny2 TeX Live: path search library for
ii libncurses5 5.7+20081213-1 shared libraries for terminal hand
ii libpng12-0 1.2.27-2+lenny3 PNG library - runtime
ii libpoppler3 0.8.7-3 PDF rendering library
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxaw7 2:1.0.4-2 X11 Athena Widget library
ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii tex-common 1.11.3 common infrastructure for building
ii texlive-common 2007.dfsg.2-1~lenny2 TeX Live: Base component
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages texlive-base-bin recommends:
ii texlive-base-bin-do 2007.dfsg.2-4+lenny2 TeX Live: Documentation files for
Versions of packages texlive-base-bin suggests:
ii evince [postscript 2.22.2-4~lenny1 Document (postscript, pdf) viewer
ii ghostscript [posts 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii gv [postscript-vie 1:3.6.5-2 PostScript and PDF viewer for X
ii kghostview [postsc 4:3.5.9-3+lenny3 PostScript viewer for KDE
ii kpdf [pdf-viewer] 4:3.5.9-3+lenny3 PDF viewer for KDE
ii perl-tk 1:804.028-1+b1 Perl module providing the Tk graph
ii xpdf-reader [pdf-v 3.02-1.4+lenny2 Portable Document Format (PDF) sui
ii xpdf-utils [pdf-vi 3.02-1.4+lenny2 Portable Document Format (PDF) sui
Versions of packages tex-common depends on:
ii debconf 1.5.24 Debian configuration management sy
ii ucf 3.0016 Update Configuration File: preserv
Versions of packages texlive-base-bin is related to:
ii tetex-base 2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii tetex-bin 2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii tetex-extra 2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii tex-common 1.11.3 common infrastructure for building
-- debconf information excluded
--- End Message ---
--- Begin Message ---
On Di, 01 Jun 2010, Paul Szabo wrote:
> Justification: user security hole
>
>
> Please note remote execute-any-code security bugs in ghostscript:
>
> http://bugs.debian.org/583183
>
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.
Yes, you have reported that problem with ghostscript. SO why open
a bug report on texlive if it *suggests* ghostscriopt?
Please understand the meaning of bugs first before you create bug
reports.
Closing this bug. If it is (I cannot decide on that) it is a bug of
ghostscript, which has already been reported.
Best wishes
Norbert
------------------------------------------------------------------------
Norbert Preining preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
BOOLTEENS
The small scatterings of foreign coins and half-p's which inhabit
dressing tables. Since they are never used and never thrown away
boolteens account for a significant drain on the world's money supply.
--- Douglas Adams, The Meaning of Liff
--- End Message ---
Reply to: