Secure testing team - Aug 2010 - Bug#592569: ghostscript: Please make -dSAFER the default

Package: ghostscript
Version: 8.62.dfsg.1-3.2lenny4
Severity: grave
Tags: security
Justification: user security hole


Please make the -dSAFER option the default.

For discussion, rationale etc please see bugs #583183 and #584663, and
particularly:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584663#55

Thanks,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (500, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.18-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ghostscript depends on:
ii  debconf [debc 1.5.24                     Debian configuration management sy
ii  debianutils   2.30                       Miscellaneous utilities specific t
ii  defoma        0.11.10-0.2                Debian Font Manager -- automatic f
ii  gs-common     8.62.dfsg.1-3.2lenny4      Dummy package depending on ghostsc
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
ii  libc6         2.7-18lenny4               GNU C Library: Shared libraries
ii  libgs8        8.62.dfsg.1-3.2lenny4      The Ghostscript PostScript/PDF int

Versions of packages ghostscript recommends:
ii  psfontmgr                    0.11.10-0.2 PostScript font manager -- part of

Versions of packages ghostscript suggests:
ii  ghostscript-x      8.62.dfsg.1-3.2lenny4 The GPL Ghostscript PostScript/PDF
pn  hpijs              <none>                (no description available)

-- no debconf information