oss-sec mailing list archives
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 16 Oct 2018 22:50:24 +0200
On Tue, 16 Oct 2018 15:57:22 -0400 "Perry E. Metzger" <perry () piermont com> wrote:
Again, given that PostScript is an archival format for a lot of documents, wouldn't a version of ghostscript with all the ability to do anything dangerous removed from the interpreter at compile time be rational?
I think nobody here will disagree with you that this would be good to have. The question is: Who's gonna do it? Will you? -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)