Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 668846 (CVE-2018-18284)

Summary: <app-text/ghostscript-gpl-9.26: 1Policy operator gives access to .forceput (CVE-2018-18284)
Product: Gentoo Security Reporter: Vlad K. <vk-gentoo-bugs>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: printing
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
Whiteboard: B2 [glsa+ cve]
Package list:
app-text/ghostscript-gpl-9.26
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 671732    

Description Vlad K. 2018-10-17 00:43:50 UTC 
* Summary:
  https://bugs.chromium.org/p/project-zero/issues/detail?id=1696

* Upstream bug report (not public at the moment):
  https://bugs.ghostscript.com/show_bug.cgi?id=699963

* Fixed in:
  http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b

--

Gentoo Security Scout
Vladimir Krstulja
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-23 07:24:57 UTC 
amd64 stable
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-23 16:35:48 UTC 
x86 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:10:04 UTC 
ia64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:11:13 UTC 
ppc stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:12:21 UTC 
ppc64 stable
Comment 6 Rolf Eike Beer archtester 2018-11-24 13:02:21 UTC 
sparc done
Comment 7 Mart Raudsepp gentoo-dev 2018-11-24 16:01:01 UTC 
arm64 stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 19:49:43 UTC 
This issue was resolved and addressed in
 GLSA 201811-12 at https://security.gentoo.org/glsa/201811-12
by GLSA coordinator Aaron Bauman (b-man).
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 19:50:31 UTC 
re-opened for final arches and cleanup.
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:08:53 UTC 
arm stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:09:12 UTC 
s390 stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:09:58 UTC 
alpha stable
Comment 13 Matt Turner gentoo-dev 2018-12-30 22:16:54 UTC 
hppa stable. all arches stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2019-03-10 20:52:57 UTC 
@printing, please clean vulnerable.
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2019-04-04 19:22:26 UTC 
tree is clean