[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#32663] [PATCH 0/2] Ghostscript fixes

From: Marius Bakke
Subject: [bug#32663] [PATCH 0/2] Ghostscript fixes
Date: Sun, 09 Sep 2018 14:27:39 +0200
User-agent: Notmuch/0.27 ( Emacs/26.1 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:

> On Sat, Sep 08, 2018 at 01:08:16PM +0200, Marius Bakke wrote:
>> These patches aim to fix the recent security issues in Ghostscript.
>> I have verified that the reproducers in
>> <> no
>> longer work with these patches.
>> Marius Bakke (2):
>>   gnu: jbig2dec: Replace with 0.15 [security fixes].
>>   gnu: ghostscript: Update replacement to 9.24 [security fixes].
> Thanks! Looks good to me assuming Ghostscript 9.24 is ABI compatible
> with 9.23.

There are changes[0], but they are internal to the library and so
*should* be harmless.  Unfortunately I haven't been able to get the
--drop-private-types or --harmless options of abidiff working.

The same goes for jbig2dec, although it's more complicated since it
includes a static library (to be removed on core-updates).  It does not
look like any of the consumers actually use it, though.

Will push this after some more testing, as well as including the patch
suggested by Tavis on oss-sec.

[0] <>

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]