This sounds bad: https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability 10.01.2, which contains the fix, is already in the tree, but not yet stabilized.
Version 10.01.2 should be stabilized asap, this is serious.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=9c38541fc770d5ef98f0327092ae33c0bab71167 commit 9c38541fc770d5ef98f0327092ae33c0bab71167 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 05:24:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 05:26:26 +0000 [ GLSA 202309-03 ] GPL Ghostscript: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/904245 Bug: https://bugs.gentoo.org/910294 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-03.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
