diff options
author | Chris Liddell <chris.liddell@artifex.com> | 2018-09-10 09:54:14 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2018-09-10 09:54:14 +0100 |
commit | 7146378240f90bf4171ae7a2a00cc9d46eaec86d (patch) | |
tree | 22d2f799b8b7289ca8b7dc71cde3a51f8df056e7 | |
parent | 4cfee19351e36543927b78b97dbf2e600daa9bfe (diff) | |
download | ghostpdl-7146378240f90bf4171ae7a2a00cc9d46eaec86d.tar.gz |
Add a note about unSAFERness of ps2epsi
-rw-r--r-- | doc/History9.htm | 10 | ||||
-rw-r--r-- | doc/News.htm | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/doc/History9.htm b/doc/History9.htm index 6384abfd8..fe8dd1d12 100644 --- a/doc/History9.htm +++ b/doc/History9.htm @@ -132,7 +132,6 @@ overview</a>. <!-- [2.0 begin contents] ================================================== --> <h2><a name="Version9.25"></a>Version 9.25 (2018-09-10)</h2> - <p> Highlights in this release include: <ul> <li> @@ -140,6 +139,15 @@ overview</a>. the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. </li> +</ul> +<ul> +<li> +<p><u>Note:</u> The ps2epsi utility does not, and cannot call Ghostscript with +the -dSAFER command line option. It should <i>never</i> be called with input from +untrusted sources. +</li> +</ul> +<ul> <li> <p>Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits. diff --git a/doc/News.htm b/doc/News.htm index e966d74c8..43a24af3a 100644 --- a/doc/News.htm +++ b/doc/News.htm @@ -98,7 +98,6 @@ overview</a>. <!-- [2.0 begin contents] ================================================== --> <h2><a name="Version9.25"></a>Version 9.25 (2018-09-10)</h2> - <p> Highlights in this release include: <ul> <li> @@ -106,6 +105,15 @@ overview</a>. the security fixes to the SAFER file access restrictions (specifically accessing ICC profile files), and some additional security issues over the recent 9.24 release. </li> +</ul> +<ul> +<li> +<p><u>Note:</u> The ps2epsi utility does not, and cannot call Ghostscript with +the -dSAFER command line option. It should <i>never</i> be called with input from +untrusted sources. +</li> +</ul> +<ul> <li> <p>Security issues have been the primary focus of this release, including solving several (well publicised) real and potential exploits. |