author Chris Liddell <chris.liddell@artifex.com> 2018-09-10 09:54:14 +0100
committer Chris Liddell <chris.liddell@artifex.com> 2018-09-10 09:54:14 +0100
commit 7146378240f90bf4171ae7a2a00cc9d46eaec86d (patch)
tree 22d2f799b8b7289ca8b7dc71cde3a51f8df056e7
parent 4cfee19351e36543927b78b97dbf2e600daa9bfe (diff)
download ghostpdl-7146378240f90bf4171ae7a2a00cc9d46eaec86d.tar.gz
Add a note about unSAFERness of ps2epsi
-rw-r--r-- doc/History9.htm 10
-rw-r--r-- doc/News.htm 10
2 files changed, 18 insertions, 2 deletions
diff --git a/doc/History9.htm b/doc/History9.htm
index 6384abfd8..fe8dd1d12 100644
--- a/doc/History9.htm
+++ b/doc/History9.htm
@@ -132,7 +132,6 @@ overview</a>.
<!-- [2.0 begin contents] ================================================== -->
<h2><a name="Version9.25"></a>Version 9.25 (2018-09-10)</h2>
-
<p> Highlights in this release include:
<ul>
<li>
@@ -140,6 +139,15 @@ overview</a>.
the security fixes to the SAFER file access restrictions (specifically accessing
ICC profile files), and some additional security issues over the recent 9.24 release.
</li>
+</ul>
+<ul>
+<li>
+<p><u>Note:</u> The ps2epsi utility does not, and cannot call Ghostscript with
+the -dSAFER command line option. It should <i>never</i> be called with input from
+untrusted sources.
+</li>
+</ul>
+<ul>
<li>
<p>Security issues have been the primary focus of this release, including solving
several (well publicised) real and potential exploits.
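Review bot: The added `</ul>` / `<ul>` pairs around the note split the highlights into three adjacent lists just to set one item apart, and the new `<li>` opens a `<p>` that is never closed before `</li>`. Consider keeping the note as an ordinary `<li>` in the existing list, or moving it out of the list as its own paragraph, and closing the `<p>`. Separately, this commit touches only doc/History9.htm and doc/News.htm, so the warning lives only in the release notes; someone running ps2epsi is more likely to read the utility's own documentation, and the same statement should appear there too.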
diff --git a/doc/News.htm b/doc/News.htm
index e966d74c8..43a24af3a 100644
--- a/doc/News.htm
+++ b/doc/News.htm
@@ -98,7 +98,6 @@ overview</a>.
<!-- [2.0 begin contents] ================================================== -->
<h2><a name="Version9.25"></a>Version 9.25 (2018-09-10)</h2>
-
<p> Highlights in this release include:
<ul>
<li>
@@ -106,6 +105,15 @@ overview</a>.
the security fixes to the SAFER file access restrictions (specifically accessing
ICC profile files), and some additional security issues over the recent 9.24 release.
</li>
+</ul>
+<ul>
+<li>
+<p><u>Note:</u> The ps2epsi utility does not, and cannot call Ghostscript with
+the -dSAFER command line option. It should <i>never</i> be called with input from
+untrusted sources.
+</li>
+</ul>
+<ul>
<li>
<p>Security issues have been the primary focus of this release, including solving
several (well publicised) real and potential exploits.
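Review bot: The note says ps2epsi "does not, and cannot call Ghostscript with the -dSAFER command line option" but gives no reason and no guidance for anyone who has to convert files they did not create. A short clause explaining why -dSAFER is not usable here, plus a pointer to what to do with untrusted input instead, would make the warning actionable rather than just prohibitive. The comma placement also reads awkwardly; "does not, and cannot, call" or "does not and cannot call" is cleaner. The same wording applies to the copy in doc/History9.htm.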