GNU bug report logs - #32515
Ghostscript and GNOME thumbnailing code execution vulnerabilities

Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 23 Aug 2018 21:03:02 UTC

Severity: normal

Tags: security

Done: Maxime Devos <maximedevos <at> telenet.be>

Bug is archived. No further changes may be made.


From: Leo Famulari <leo <at> famulari.name>
To: 32515 <at> debbugs.gnu.org
Subject: bug#32515: GNOME thumbnailing code execution vulnerabilities
Date: Mon, 25 Feb 2019 18:39:06 -0500
Since this bug was filed, Ghostscript has received more scrutiny and
serious bugs continue to be found.

The recommendation of the researchers seems to be to disable and remove
Ghostscript unless a PostScript interpreter is actually necessary.

Barring that, we should keep our package up to date and try to make sure
the GNOME thumbnailer and other "hidden" users of Ghostscript are run in
containers.

Is anyone willing to look into the GNOME thumbnailer?

This bug report was last modified 4 years and 45 days ago.
