Summary: | app-text/pstotext: Arbitrary Postscript Code Execution by pstotext | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jimi A. <folajimi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | http://secunia.com/advisories/16183/ | | |
Whiteboard: | B2 [glsa] DerCorny | | |
Description
Jimi A.
2005-07-25 09:06:39 UTC

Ok, there is no active maintainer, so I CC'ed the ones from the changelog and maintainer-needed. If there is no volunteer to get this done, we might have to mask or remove this package.

Created attachment 64353
Debian patch for this issue

This is a patch for this issue taken from the Debian bug. Still nobody wants to do this?

Created attachment 64443
Patch for package

This patch updates the ebuild, so it cannot be easier. Still needs a ChangeLog entry and a GnuPG signature, but I'm not a developer, so I cannot do that.

pstotext-1.8g-r1 is in the tree with the deb patch. KEYWORDS= ~amd64 ~x86 ~ppc ~sparc ~ppc64

Thanks a lot for the help bumping! Arches, please test pstotext-1.8g-r1 and mark stable, also thanks.

Stable on PPC

stable on ppc64

sparc stable. Passes local regression testing. I processed 236 .ps files without error, and confirmed it now uses -dSAFER when calling gs.

stable on x86. It appears to not free a small chunk of memory before exiting and could probably use a wee bit of Makefile and gcc syntax loving at a later time.

amd64 never appears to have had it marked stable. This would be a good time to go ahead and do it.

About amd64 testing: sure it's a good time to mark stable, but it shouldn't block GLSA release. Ready for GLSA

GLSA 200507-29. Thanks to everybody involved.