<andi-> Yet another ghostscript code execution when opening a PDF: https://www.openwall.com/lists/oss-security/2018/10/09/4
<andi-> I'll try to get that fixed/verified once I am out of the office..
<flokli> ghostscript /o\
<flokli> let's rebuild the world once again
<andi-> The good news is it didn't just execute code when opened in a (remote) VM with X..
<andi-> might have to start a proper DE and not just i3 + pick the tools from the mounted nix store..
{^_^} has quit [Ping timeout: 252 seconds]
<andi-> So the patches from ghostscript really fix the issues (surprise!). Problem is just that they depend on a lot of different changes and I do not speak postscript :/ The git history looks like a minefield.
<gchristensen> ouch
<andi-> time to make an overlay: self: super: { ghostscript = null; }
<gchristensen> sgtm
<andi-> Is anyone familiar with the `gnome-desktop sandbox`?
<andi-> that thing should exist - at least the way I read the mail... Would like to check if we have that enabled
<andi-> apparently that is called `bubblewrap`
<andi-> so that seems to be on and working since we have USER_NS=y
pie_ has joined #nixos-security
{^_^} has joined #nixos-security
{^_^} has quit [Ping timeout: 240 seconds]