Summary: | <app-text/ghostscript-gpl-9.54.0-r1: arbitrary code execution vulnerability (CVE-2021-3781) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alexander Sergeyev <sergeev917> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | codec, hanno, printing |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.ghostscript.com/show_bug.cgi?id=704342 | ||
See Also: | https://github.com/gentoo/gentoo/pull/23715 | ||
Whiteboard: | A2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 796659 | ||
Bug Blocks: |
Description
Alexander Sergeyev
2021-09-11 07:03:38 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eeb37a3981b77ed60be7975287e1a503375fa493 commit eeb37a3981b77ed60be7975287e1a503375fa493 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-09-13 00:53:50 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-09-13 00:54:18 +0000 app-text/ghostscript-gpl: patch CVE-2021-3781 Bug: https://bugs.gentoo.org/812509 Signed-off-by: Sam James <sam@gentoo.org> .../ghostscript-gpl-9.54.0-CVE-2021-3781.patch | 213 +++++++++++++++++++++ .../ghostscript-gpl-9.54.0-r1.ebuild | 191 ++++++++++++++++++ 2 files changed, 404 insertions(+) Needs cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=215fe07aa9dba7d2732a8a62836f7493927ccbbb commit 215fe07aa9dba7d2732a8a62836f7493927ccbbb Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-01-15 12:37:10 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-01-15 14:14:59 +0000 app-text/ghostscript-gpl: Cleanup vulnerable 9.52-r1, 9.53.3-r5, 9.54.0 Bug: https://bugs.gentoo.org/812509 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-text/ghostscript-gpl/Manifest | 4 - .../files/ghostscript-gpl-9.53.3-fix-ps2epsi.patch | 16 -- .../ghostscript-gpl-9.53.3-freetype-2.10.3.patch | 20 --- .../ghostscript-gpl/ghostscript-gpl-9.52-r1.ebuild | 197 --------------------- .../ghostscript-gpl-9.53.3-r5.ebuild | 196 -------------------- .../ghostscript-gpl/ghostscript-gpl-9.54.0.ebuild | 189 -------------------- 6 files changed, 622 deletions(-) GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=ae2df9a36eb30967fc9dd392f63bc7af60249272 commit ae2df9a36eb30967fc9dd392f63bc7af60249272 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-11-22 03:53:57 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 03:59:40 +0000 [ GLSA 202211-11 ] GPL Ghostscript: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/812509 Bug: https://bugs.gentoo.org/852944 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202211-11.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) GLSA released, all done! |