Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 910294 (CVE-2023-36664)

Summary: <app-text/ghostscript-gpl-10.01.2: Code execution vulnerability
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: critical CC: codec, printing
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+ stable]
Package list:
Runtime testing required: ---
Bug Depends on: 910308    
Bug Blocks:    

Description Hanno Böck gentoo-dev 2023-07-13 13:31:45 UTC
This sounds bad:

10.01.2, which contains the fix, is already in the tree, but not yet stabilized.
Comment 1 Maxxim 2023-07-13 16:28:22 UTC
Version 10.01.2 should be stabilized asap, this is serious.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-07-25 03:31:19 UTC
GLSA request filed
Comment 3 Larry the Git Cow gentoo-dev 2023-09-17 05:26:36 UTC
The bug has been referenced in the following commit(s):

commit 9c38541fc770d5ef98f0327092ae33c0bab71167
Author:     GLSAMaker <>
AuthorDate: 2023-09-17 05:24:21 +0000
Commit:     Sam James <>
CommitDate: 2023-09-17 05:26:26 +0000

    [ GLSA 202309-03 ] GPL Ghostscript: Multiple Vulnerabilities
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Sam James <>

 glsa-202309-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)