oss-sec mailing list archives

Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?

From: Tavis Ormandy <taviso () google com>
Date: Tue, 4 Sep 2018 13:08:57 -0700

On Tue, Sep 4, 2018 at 1:03 PM Brandon Perry <bperry.volatile () gmail com>
wrote:

On Sep 4, 2018, at 2:59 PM, Tavis Ormandy <taviso () google com> wrote:

OK, well, the fixes missed 9.24 so vendors will have to either ship

patches

once they land or wait for 9.25.

$ ./gs -v
GPL Ghostscript 9.24 (2018-09-03)
Copyright (C) 2018 Artifex Software, Inc.  All rights reserved.
$ ./gs -q -dSAFER -sDEVICE=ppmraw -f testcase.ps
uid=1000(taviso) gid=1000(taviso)

Let me know if anyone wants that testcase.


Hey Tavis, could I have a copy of the test case please? Thanks so much.


Sure, here it is.

Thanks, Tavis.

Attachment: bug699714.txt
Description:

Current thread:

Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?, (continued)
- - - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 27)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Aug 27)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Aug 28)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 03)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Brandon Perry (Sep 04)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 05)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Stuart Gathman (Sep 05)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Jakub Wilk (Sep 06)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 09)
    - Message not available
    - Re: Ghostscript 9.24 issues Tavis Ormandy (Sep 09)
    - Re: Re: Ghostscript 9.24 issues Marcus Meissner (Sep 10)

(Thread continues...)