This sounds bad: https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability 10.01.2, which contains the fix, is already in the tree, but not yet stabilized.
Version 10.01.2 should be stabilized asap, this is serious.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9c38541fc770d5ef98f0327092ae33c0bab71167 commit 9c38541fc770d5ef98f0327092ae33c0bab71167 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 05:24:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 05:26:26 +0000 [ GLSA 202309-03 ] GPL Ghostscript: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/904245 Bug: https://bugs.gentoo.org/910294 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
Ping. Please remove the vulnerable version 10.01.1.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb992af9d6c86f4a7a60cca4d086851e05092804 commit bb992af9d6c86f4a7a60cca4d086851e05092804 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-02-12 02:26:59 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-02-12 02:26:59 +0000 app-text/ghostscript-gpl: drop 10.01.1 Bug: https://bugs.gentoo.org/910294 Signed-off-by: John Helmert III <ajak@gentoo.org> app-text/ghostscript-gpl/Manifest | 1 - .../ghostscript-gpl/ghostscript-gpl-10.01.1.ebuild | 190 --------------------- 2 files changed, 191 deletions(-)
