all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
blob 85199e35b0ff8a6ff269e6a6bf6467ff816a382a 1032 bytes (raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
 A malicious PostScript file could delete files with the privileges of
 the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2014-03-28

--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
   	eval "$command" ;;
       gs)
         $verbose "$program: making a full rewrite of the file ($gs)." >&2
-  	$gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+  	$gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
     esac
   )
 fi

debug log:

solving 85199e35b0 ...
found 85199e35b0 in https://git.savannah.gnu.org/cgit/guix.git

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.