On Mon, 14 Oct 2002, Bonemach wrote:
Hi I recently visited the update-pages of suse and noticed a lot of security-related packages that are related to flaws in Ghostview and ghostscript. Some of these packages I have never heard of (like cmap-adobe or CID-keyed-fonts). What are these packages and what is wrong with it? The descriptions on the site are not very detailled. Why should I update this stuff ?
It seems from the names that they are mostly related to Asian fonts, and the info files say they are compiled from ghostscript sources (which of course were just updated for the SAFER bug as the info file says.) I downloaded one (CMap-Adobe-Identity) to find out more ... and I see Description : CMap (Character Map) files for the Adobe-Identity character collection. but none of the CMap-Adobe nor CID-keyed rpms are on my 7.3 distribution CDs. I couldn't google any docs (in English) for end-user install and use of these files -- the closest I got was http://examples.oreilly.com/cjkvinfo/adobe/00README so any pointers to docs dumbed down for an anglocentric person who doesn't know postscript font magic will be welcome Any way, for now, they are enormous downloads and don't seem to offer me more than simply updating ghostscript-x11-6.51-159.i386 Maybe SuSE 7.3 sold in Japan had an extra CD with CJKV gs fonts ?? dproc