Paul Szabo
2010-Jun-01 01:36 UTC
[Secure-testing-team] Bug#584067: xfig: Security bugs in ghostscript
Package: xfig Version: 1:3.2.5-rel-3 Severity: grave Tags: security Justification: user security hole Please note remote execute-any-code security bugs in ghostscript: http://bugs.debian.org/583183 This package suggests ghostscript, and may be affected. Please evaluate the security of this package, and fix if needed. Thanks, Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, ''stable'') Architecture: i386 (i686) Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages xfig depends on: ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libjpeg62 6b-14 The Independent JPEG Group''s JPEG ii libpng12-0 1.2.27-2+lenny3 PNG library - runtime ii libx11-6 2:1.1.5-2 X11 client-side library ii libxi6 2:1.1.4-1 X11 Input extension library ii libxpm4 1:3.5.7-1 X11 pixmap library ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii xaw3dg 1.5+E-17 Xaw3d widget set Versions of packages xfig recommends: ii transfig 1:3.2.5-rel-3.1 Utilities for converting XFig figu pn xfig-libs <none> (no description available) Versions of packages xfig suggests: pn cups-client | lpr <none> (no description available) ii ghostscript 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF ii gimp 2.4.7-1 The GNU Image Manipulation Program ii gsfonts-x11 0.21 Make Ghostscript fonts available t ii netpbm 2:10.0-12+lenny1 Graphics conversion tools ii spell 1.0-20 GNU Spell, a clone of Unix `spell'' ii xfig-doc 1:3.2.5-rel-3 XFig on-line documentation and exa -- no debconf information