thr3ads.net - Secure testing team - [Secure-testing-team] Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-" [May 2010]

If this information is useful, please help other people find it:
Share via:

Paul Szabo

2010-May-27 00:07 UTC

[Secure-testing-team] Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

Package: gv
Version: 1:3.6.5-2
Severity: grave
File: /usr/bin/gv
Tags: security
Justification: user security hole


Please see
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
  http://bugs.debian.org/583183
for details: gv should use the -P- switch when invoking gs.

Thanks, Paul

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gv depends on:
ii  ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii  gs-gpl             8.62.dfsg.1-3.2lenny1 Transitional package
ii  libc6              2.7-18lenny2          GNU C Library: Shared libraries
ii  libx11-6           2:1.1.5-2             X11 client-side library
ii  libxmu6            2:1.0.4-1             X11 miscellaneous utility library
ii  libxt6             1:1.0.5-3             X11 toolkit intrinsics library
ii  xaw3dg             1.5+E-17              Xaw3d widget set

gv recommends no packages.

gv suggests no packages.

-- no debconf information

Secure testing team - May 2010 - Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

[Secure-testing-team] Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"