[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#944760: ghostscript: CVE-2019-14869

Hi Jonas,

On Mon, Nov 18, 2019 at 10:34:17PM +0100, Jonas Smedegaard wrote:
> Control: severity -1 important
> 
> Quoting Salvatore Bonaccorso (2019-11-14 22:47:49)
> > Source: ghostscript
> > Version: 9.50~dfsg-2
> > Severity: grave
> > Tags: security upstream
> > Control: found -1 9.26a~dfsg-0+deb9u5
> > Control: found -1 9.26a~dfsg-0+deb9u1
> > Control: found -1 9.27~dfsg-2+deb10u2
> > Control: found -1 9.27~dfsg-1
> > Control: found -1 9.27~dfsg-3.1
> > Control: fixed -1 9.26a~dfsg-0+deb9u6
> > Control: fixed -1 9.27~dfsg-2+deb10u3
> > 
> > Hi,
> > 
> > The following vulnerability was published for ghostscript. I can agree
> > the severity is not exaclty matching, as for 9.50 itself, it's not
> > anymore directly exploitable (unless with -dOLDSAFER). Still it cannot
> > be considred fixed, only after applying [1].
> 
> Lowering severity to avoid this blocking more grave security fixes 
> entering testing.

Possible tho cherry-pick as well the fixing commit so we can get the
CVE out of the radar for bullseye/sid?

Regards,
Salvatore
Reply to: