[Pkg-gmagick-im-team] Bug#964090: Please upload backport

MJ Ray mjr at phonecoop.coop
Tue Dec 15 12:27:02 GMT 2020

On 13 December 2020 20:19:42 UTC, Salvatore Bonaccorso <carnil at debian.org> wrote:
>Cc'ing the security-team alias.
>It is actually unlikely for the moment that we will revert the
>200-disable-ghostscript-formats.patch patch again, which was first
>included in the 8: upload. It does mitigate
>in general problems with the ghostscript handled formats, e.g. the
>(new) CVE-2020-29599, cf.

Does this only affect ghostscript or any action involving external commands?

Why is backtick in the whitelist?

>We follow here only what other distributions have done earlier, I
>believe SuSE has such and as well Ubuntu, from which the mentioned
>patch was actually merged in in the last update, TTBOMK.

I don't feel that is a great reason. We wouldn't have debs and so on if it was generally applicable.

Hope that helps,
MJR (mobile)
