[Pkg-gmagick-im-team] Bug#964090: Please upload backport

Salvatore Bonaccorso carnil at debian.org
Sun Dec 13 20:19:42 GMT 2020


Cc'in the security-team alias.

On Wed, Oct 07, 2020 at 01:15:23PM -0700, Felix Lechner wrote:
> Control: tags -1 + patch
> Hi,
> > Is this because of a ghostscript vulnerability?
> The PDF policy restriction is also in effect on Debian stable even
> though that release ships with Ghostscript 9.27, which online sources
> suggest is safe. [1]
> Converting images to PDF is a very common functionality. Please
> provide a backport with the attached patch, or similar. Thanks!

It is actually unlikely for the moment that we will revert the
200-disable-ghostscript-formats.patch patch again, which was firstly
included in the 8: upload. It does mitigates
in general problems with the ghostscript handled formats, e.g. the
(new) CVE-2020-29599, cf.

We follow here only what other distributions have done earlier, I
believe SuSE has such and as well Ubuntu, from which the mentioned
patch was actually merged in in the last update, TTBOMK.


More information about the Pkg-gmagick-im-team mailing list