[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#897188: stretch-pu: package ghostscript/9.20~dfsg-3.2+deb9u2

Control: tags -1 + pending

On Sat, 2018-05-26 at 11:09 +0200, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Sat, May 26, 2018 at 09:39:12AM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sun, 2018-04-29 at 20:43 +0200, Salvatore Bonaccorso wrote:
> > > I would like to propose the following ghostscript update via a
> > > stretch
> > > point release. It adresses two CVEs which do not warrant a DSA on
> > > it's
> > > own but would still be good to be adressed in stable.
> > > 
> > > It adresses: 
> > >  - CVE-2018-10194 / 896069. Triggering the poc was not possible
> > > here
> > >    but the fix consist of doing an additional check in
> > >    set_text_distance function.
> > >  - CVE-2016-10317, testing happened with the fixed version
> > > against
> > > the
> > >    provided poc. The fix requires a previous prerequisite change.
> > > 
> > 
> > Please go ahead; sorry for the delay.
> 
> Thank you! Uploaded.

Flagged for acceptance; thanks.

Regards,

Adam
Reply to: