oss-sec mailing list archives

Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?

From: Tavis Ormandy <taviso () google com>
Date: Wed, 22 Aug 2018 20:33:37 -0700

On Wed, Aug 22, 2018 at 2:17 PM Bob Friesenhahn <
bfriesen () simple dallas tx us> wrote:

The CERT advisory at https://www.kb.cert.org/vuls/id/332928 provides a
policy.xml example which does not appear to block PS2 and PS3, which
are also entry points for reading Postscript.

I think (luckily) there's no magic that will invoke those, but I think
you're right, for completeness they should be disabled by default as well.

Tavis.

Current thread:

More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
  - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Alex Gaynor (Aug 21)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? AmitB (Aug 22)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 22)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Mateusz Lenik (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 27)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Aug 27)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Aug 28)
    - Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)

(Thread continues...)