[OpenIndiana-discuss] ghostscript / ImageMagick security problems
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Wed Aug 29 17:56:03 UTC 2018
On Wed, 29 Aug 2018, Michal Nowak wrote:
> On 08/22/18 08:52 PM, Udo Grabowski (IMK) wrote:
>> These security bugs are really bad ("works" on Openindiana):
>>
>> <https://bugs.chromium.org/p/project-zero/issues/detail?id=1640>
>> <https://www.kb.cert.org/vuls/id/332928>
>
> It's a week since patches were published
> (https://artifex.com/news/ghostscript-security-resolved/) and no major
> distribution fixed it. Anyone knows why? Are there problems with those
> patches? Or the problem not that severe after all?
The patches are against the development code base targeting the next
Ghostscript release. The patches are presumably offered under the
AGPL license.
It is not uncommon for older Ghostscript versions to be distributed,
particularly given that the GNU Affero General Public License (AGPL)
is not compatible with some common usage models due to adding
additional obligations. Artifex wants to encourage commercial
licensing of their software. See https://artifex.com/licensing/.
Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the openindiana-discuss
mailing list