[Secure-testing-team] Bug#583634: evince: Insecure ghostscript invocation
Paul Szabo
paul.szabo at sydney.edu.au
Sat May 29 01:55:59 UTC 2010
Package: evince
Version: 2.22.2-4~lenny1
Severity: grave
Tags: security
Justification: user security hole
Please see
http://bugs.debian.org/583183
for details: evince seems to use ghostscript in an insecure way
when viewing PS files.
Cheers,
Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages evince depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii gnome-icon-theme 2.22.0-1 GNOME Desktop icon theme
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.22.0-1 The Bonobo UI library
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.1-5+lenny1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libdjvulibre21 3.5.20-8+lenny1 Runtime support for the DjVu image
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.6-3 The GLib library of C routines
ii libgnome-keyring0 2.22.3-2 GNOME keyring services library
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-2 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-5 GNOME Virtual File System (runtime
ii libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libkpathsea4 2007.dfsg.2-4+lenny2 TeX Live: path search library for
ii libnautilus-extensi 2.20.0-7 libraries for nautilus components
ii liborbit2 1:2.14.13-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.20.5-5+lenny1 Layout and rendering of internatio
ii libpoppler-glib3 0.8.7-3 PDF rendering library (GLib-based
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libspectre1 0.2.0.ds-1 Library for rendering Postscript d
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libtiff4 3.8.2-11.2 Tag Image File Format (TIFF) libra
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxml2 2.6.32.dfsg-5+lenny1 GNOME XML library
ii shared-mime-info 0.30-2 FreeDesktop.org shared MIME databa
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages evince recommends:
ii dbus-x11 1.2.1-5+lenny1 simple interprocess messaging syst
Versions of packages evince suggests:
pn poppler-data <none> (no description available)
ii unrar 1:3.8.2-1 Unarchiver for .rar files (non-fre
-- no debconf information