oss-sec mailing list archives

Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 16 Oct 2018 22:50:24 +0200

On Tue, 16 Oct 2018 15:57:22 -0400
"Perry E. Metzger" <perry () piermont com> wrote:

Again, given that PostScript is an archival format for a lot of
documents, wouldn't a version of ghostscript with all the ability to
do anything dangerous removed from the interpreter at compile time be
rational?


I think nobody here will disagree with you that this would be good to
have.
The question is: Who's gonna do it? Will you?

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Current thread:

ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
  - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
  - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
    - Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
  - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
    - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
    - Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)