oss-sec mailing list archives
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 23 Aug 2018 08:12:52 +0200
On 08/23/2018 06:24 AM, Tavis Ormandy wrote:
I think we should kill (or at least trim the mime types) in /usr/share/thumbnailers/evince.thumbnailer.
Note that this may or may not work, depending on whether the MIME type detection is identical between the selection of the evince and the selection of the Ghostscript backend in evince itself.
I remember a case from several years ago where an ImageMagick bug was still exploitable via mail user agents even though the problematic image format was not listed in /etc/mailcap. ImageMagick did its own format detection back then, so all you had to do was to change the file extension.
Thanks, Florian
Current thread:
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?, (continued)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Jakub Wilk (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 09)
- Message not available
- Re: Ghostscript 9.24 issues Tavis Ormandy (Sep 09)
- Re: Re: Ghostscript 9.24 issues Marcus Meissner (Sep 10)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Florian Weimer (Aug 22)