Quoting Salvatore Bonaccorso (2018-08-26 21:55:14)
> Hi,
>
> On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> > Tavis Ormandy disclosed a new ghoscript security issue, leading directly to code
> > execution: http://openwall.com/lists/oss-security/2018/08/21/2
>
> There are actually several issues, see the whole thread. For now since
> you filled this bug will track all those with this bug entry. Proper
> evaluation though is still pending (and Moritz is taking care of
> strech, adding this note to dsa-needed file ("needs some research on
> issues found by Tavis").
>
> See
>
> https://www.kb.cert.org/vuls/id/332928
>
> the current set of fixes:
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
Also http://git.ghostscript.com/?p=ghostpdl.git;h=0b6cd19
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature