[Secure-testing-team] CVE-2010-2055
Michael Gilbert
michael.s.gilbert at gmail.com
Fri Dec 10 18:53:09 UTC 2010
On Fri, 10 Dec 2010 19:45:18 +0100, Moritz Muehlenhoff wrote:
> On Thu, Dec 09, 2010 at 10:48:46PM -0500, Michael Gilbert wrote:
> > I've isolated and applied the patches needed to fix CVE-2010-2055 in
> > ghostscript. See attached debdiff.
> >
> > Would anyone be so kind to sponsor this? The package is at:
> > http://mentors.debian.net/debian/pool/main/g/ghostscript/
>
> I don't have time to sponsor this currently, but this should be
> uploaded with urgency=low, since there's the potential that
> applications rely on the old, broken behaviour.
>
> I also remember that Jonas is still considering to introduce
> Ghostscript 9.0 into Squeeze. Jonas, what's the current status?
The release team said that the diff was unreviewable and said no.
Mike
More information about the Secure-testing-team
mailing list