Summary: | app-text/ghostscript: Insecure tempfile handling | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke Macken (RETIRED) <lewk> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | normal | CC: | printing | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
URL: | http://www.securityfocus.com/advisories/7263 | ||||||||
Whiteboard: | A3 [glsa] lewk | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Attachments: |
|
Description
Luke Macken (RETIRED)
2004-10-04 15:08:48 UTC
Created attachment 41096 [details, diff]
ghostscript-7.07.1-tempfile.patch
Trustix patch to fix insecure tempfile handling.
printing herd, please verify and apply patch if necessary. added ghostscript-7.07.1-r7 to portage, but there is still ghostscript-7.05.6 which is required for ppc, see bug #49227, it may be vulnerable as well, but the patch does not apply there archs, please mark ghostscript-7.07.1-r7 stable. sparc tasty. stable amd64 Stable on alpha. hppa happy x86 is there ia64 stable We'll need a patch that would apply to a ppc-compatible version of ghostscript (7.05.06) to fix it for ppc as well. Back to ebuild status to solve the ppc case. Created attachment 41402 [details, diff]
gs7.05.6-tempfile.patch
Patch to fix tempfile vulnerabilities in 7.05.6 (ppc)
stable on ppc64, thanks! (The comments about ppc leave me somewhat stunned... if the 7.07.1-r7 version works just fine with ppc64, so should ppc, least so I owuld think unless there is some bug I just haven't hit yet waiting out there in the weeds for some poor unsuspecting ppc64 user) printing herd, please apply tempfile patch to 7.05.6 for ppc. Stable on mips Ready to draft GLSA. This can't be at GLSA status : still waiting for printing herd to apply tempfile patch to a ppc-supported version... like 7.05.6-r2. added gs-7.05.6-r2 for ppc ppc, please mark ghostscript-7.05.6-r2 stable. stable on ppc Now we're set... GLSA 200410-18 |