22834809 a2ps should be 64-bit
24660351 a2ps should have some master test results
24660634 a2ps is missing many patches created by the Debian/Ubuntu community
24660835 problem in UTILITY/A2PS
Description: CVE-2014-0466: fixps does not invoke gs with -dSAFER
A malicious PostScript file could delete files with the privileges of
the invoking user.
Origin: vendor
Bug-Debian: http://bugs.debian.org/742902
Author: Salvatore Bonaccorso <[email protected]>
Last-Update: 2014-03-28
--- a/contrib/fixps.in
+++ b/contrib/fixps.in
@@ -389,7 +389,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi
--- a/contrib/fixps.m4
+++ b/contrib/fixps.m4
@@ -307,7 +307,7 @@
eval "$command" ;;
gs)
$verbose "$program: making a full rewrite of the file ($gs)." >&2
- $gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
+ $gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pswrite -sOutputFile=- -c save pop -f $file ;;
esac
)
fi