[tex-k] [email@example.com: RHN Errata Alert: Command execution vulnerability in dvips]
Tomas G. Rokicki
Sun, 03 Nov 2002 17:40:18 -0800
Guys, I'm really sorry; I didn't want this to turn into such a sideshow.
The TeX guys work really really hard at preparing great distributions for
the Linux guys.
The Linux guys bend over backwards to make everything work well.
Redhat found a security problem. They fixed it. The fix needs to be
made better, and we will make it better.
The change probably affects a low percentage of TeX users. Let's just
get it fixed and move on.
I have to take the blame as much as anyone; I've known dvips has various
security issues, and I haven't done the necessary security audit yet.
So blame me.