Summary: | <app-text/ghostscript-gpl-9.28_rc4: multiple vulnerabilities (CVE-2019-{14811,14812,14813,14817}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | printing |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.openwall.com/lists/oss-security/2019/08/28/2 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
app-text/ghostscript-gpl-9.50
media-libs/jbig2dec-0.17-r1
net-print/cups-filters-1.25.11
app-text/qpdf-9.0.2
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 676264, 692106 |
Description
Agostino Sarubbo
2019-08-28 12:51:31 UTC
I guess that 2.28 will have the fixes. In the meantime, the latest releases also contain fixes for security issues discovered from fuzzing.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=215d56f50a764294df20c6a378fbe9b709fe056d

commit 215d56f50a764294df20c6a378fbe9b709fe056d
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-07 00:35:05 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-07 00:35:23 +0000

app-text/ghostscript-gpl: bump to v9.28rc4

Bug: https://bugs.gentoo.org/693002
Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

app-text/ghostscript-gpl/Manifest | 2 +
.../ghostscript-gpl-9.28_rc4.ebuild | 200 +++++++++++++++++++++
2 files changed, 202 insertions(+)

Ghostscript 9.50 was released on 2019-10-15: https://ghostscript.com/pipermail/gs-devel/2019-October/010232.html

"""
The more astute among you might notice that 9.28 has morphed into 9.50. In a recent discussion amongst the Ghostscript developers, it became clear that the redesign and reimplementation of the file security features warranted more recognition than just the usual single digit version increment. Hence we opted to bump it up to 9.50.
"""

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afdbdbedba9222816f18bbf03d102bdb73ce3a15

commit afdbdbedba9222816f18bbf03d102bdb73ce3a15
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-10-24 22:18:04 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-10-24 22:29:05 +0000

app-text/ghostscript-gpl: bump to v9.50

Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

sparc stable

ppc stable

x86 stable

amd64 stable

hppa stable

ppc64 stable

arm stable

arm64 stable

s390 stable

ia64 stable

alpha stable

all arches stable

@maintainer(s), ok to cleanup?

Tree is clean: https://bugs.gentoo.org/676264#c16

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 202004-03 at https://security.gentoo.org/glsa/202004-03 by GLSA coordinator Thomas Deutschmann (whissi).