[Secure-testing-team] Bug#584012: hylafax-server: Security bugs in ghostscript

[Paul Szabo]

Package: hylafax-server
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package depends on ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages hylafax-server depends on:
ii  debconf            1.5.24                Debian configuration management sy
ii  ghostscript-x [gs- 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii  gs                 8.62.dfsg.1-3.2lenny1 Transitional package
ii  gs-aladdin         8.62.dfsg.1-3.2lenny1 Transitional package
pn  hylafax-client     <none>                (no description available)
ii  libc6              2.7-18lenny2          GNU C Library: Shared libraries
pn  libstdc++2.10-glib <none>                (no description available)
ii  libtiff-tools      3.8.2-11.2            TIFF manipulation and conversion t
pn  libtiff3g          <none>                (no description available)
ii  zlib1g             1:1.2.3.3.dfsg-12     compression library - runtime

hylafax-server recommends no packages.

Versions of packages hylafax-server suggests:
pn  hylafax-doc                   <none>     (no description available)
pn  mgetty                        <none>     (no description available)