[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#897188: stretch-pu: package ghostscript/9.20~dfsg-3.2+deb9u2



Control: tags -1 + confirmed

On Sun, 2018-04-29 at 20:43 +0200, Salvatore Bonaccorso wrote:
> I would like to propose the following ghostscript update via a
> stretch
> point release. It adresses two CVEs which do not warrant a DSA on
> it's
> own but would still be good to be adressed in stable.
> 
> It adresses: 
>  - CVE-2018-10194 / 896069. Triggering the poc was not possible here
>    but the fix consist of doing an additional check in
>    set_text_distance function.
>  - CVE-2016-10317, testing happened with the fixed version against
> the
>    provided poc. The fix requires a previous prerequisite change.
> 

Please go ahead; sorry for the delay.

Regards,

Adam


Reply to: