Summary: | app-text/ghostscript-gnu /gpl Jasper heap corruption (CVE-2007-2721) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/153765 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2007-10-24 00:45:32 UTC
Both app-text/ghostscript-gpl and app-text/ghostscript-gnu contain code copies of media-libs/jasper. CVE-2007-2721 as fixed in bug 179159 might still affect these packages. For ghostscript-gpl I could confirm that the Jasper code is compiled. I did not check every available ebuild, only the latest stables.

Ghostscript accepted the jasper patch upstream:
http://cvs.ghostscript.com/cgi-bin/viewcvs.cgi/ghostscript?rev=8298&view=rev

See URL for further reference.

*** Bug 197802 has been marked as a duplicate of this bug. ***

ghostscript-gpl revisions which apply the patch are now in the tree as:
ghostscript-gpl-8.60-r1
ghostscript-gpl-8.57-r1
ghostscript-gpl-8.54-r1

Thanks. Timo, what about app-text/ghostscript-gnu?

Arches, please test and mark stable app-text/ghostscript-gpl-8.60-r1.
Target keywords : "amd64 arm hppa ppc sh sparc x86"

Sparc stable for ghostscript-gpl-8.60-r1.

x86 stable

Stable for HPPA.

ppc stable

Ehh... I've gone and done app-text/ghostscript-gpl on amd64. Are we supposed to be doing anything with app-text/ghostscript-gnu? If so, add us back to this bug.

(In reply to comment #9)
> Are we supposed to be doing anything with app-text/ghostscript-gnu?

Not until printing has an ebuild ready.

Timo, printing, any word on -gnu?

(In reply to comment #11)
> Timo, printing, any word on -gnu?

Sorry for the delay. ghostscript-gnu revision which applies the patch is now in the tree as:
ghostscript-gnu-8.60.0-r1

Arches, please test and mark stable app-text/ghostscript-gnu-8.60.0-r1.
Target keywords : "ppc64"

(In reply to comment #9)
> Ehh... I've gone and done app-text/ghostscript-gpl on amd64. Are we supposed
> to be doing anything with app-text/ghostscript-gnu? If so, add us back to this
> bug.

Seems it was never stable on amd64, so nothing to do.

ppc64 done

GLSA vote now open. From the description of the bug I'd vote yes, but bug 179159 went [noglsa].

voting no since previous went noglsa.

Voting NO and closing.