CVE-2010-1628 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628): Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.
This is not yet fixed in 8.71, but there's a patch upstream (bug in $URL) at http://bugs.ghostscript.com/attachment.cgi?id=6350
CVE-2010-2055 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055): Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program.
For the second issue: Patch: http://bugs.ghostscript.com/attachment.cgi?id=6441 Bug: http://bugs.ghostscript.com/show_bug.cgi?id=691350
Thanks, fixed with ghostscript-gpl-8.71-r6. I took Dr. Werner Fink's patch from upstream bug #691350 for <=8.71. =media-fonts/urw-fonts-2.4.9 needs to get stabilized along with ghostscript-gpl-8.71-r6. It is a new dependency over -r1 (replacing gnu-gs-fonts-std). ~mips is the only arch which still needs to keyword urw-fonts, see KEYWORDREQ bug #288861).
Can this go stable now?
(In reply to comment #5) > Can this go stable now? Yes please, stabilize: =media-fonts/urw-fonts-2.4.9 (bug #288861) =app-text/ghostscript-gpl-8.71-r6
*** Bug 340493 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable: =media-fonts/urw-fonts-2.4.9 (bug #288861) =app-text/ghostscript-gpl-8.71-r6 Target keywords for both packages: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Created attachment 251139 [details] Build log everything seems to go through on amd64. I know QA notice, but I do not know if they are known errors and/or if they are resolvable or not.
Stable for HPPA.
x86 stable
amd64 done
ppc64 done
alpha/arm/ia64/s390/sh/sparc stable
ppc done too
Thanks, folks. GLSA request filed.
Thanks guys. No vulnerable version in tree anymore. Nothing left to do for printing.
*** Bug 322357 has been marked as a duplicate of this bug. ***
This issue was resolved and addressed in GLSA 201412-17 at http://security.gentoo.org/glsa/glsa-201412-17.xml by GLSA coordinator Sean Amoss (ackle).
