Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 668846 (CVE-2018-18284) - <app-text/ghostscript-gpl-9.26: 1Policy operator gives access to .forceput (CVE-2018-18284)
Summary: <app-text/ghostscript-gpl-9.26: 1Policy operator gives access to .forceput (C...
Status: RESOLVED FIXED
Alias: CVE-2018-18284
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugs.chromium.org/p/project-z...
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2018-19409
  Show dependency tree
 
Reported: 2018-10-17 00:43 UTC by Vlad K.
Modified: 2019-04-04 19:22 UTC (History)
1 user (show)

See Also:
Package list:
app-text/ghostscript-gpl-9.26
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Vlad K. 2018-10-17 00:43:50 UTC
* Summary:
  https://bugs.chromium.org/p/project-zero/issues/detail?id=1696

* Upstream bug report (not public at the moment):
  https://bugs.ghostscript.com/show_bug.cgi?id=699963

* Fixed in:
  http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b

--

Gentoo Security Scout
Vladimir Krstulja
Comment 1 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-11-23 07:24:57 UTC
amd64 stable
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-23 16:35:48 UTC
x86 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:10:04 UTC
ia64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:11:13 UTC
ppc stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-24 11:12:21 UTC
ppc64 stable
Comment 6 Rolf Eike Beer archtester 2018-11-24 13:02:21 UTC
sparc done
Comment 7 Mart Raudsepp gentoo-dev 2018-11-24 16:01:01 UTC
arm64 stable
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-11-24 19:49:43 UTC
This issue was resolved and addressed in
 GLSA 201811-12 at https://security.gentoo.org/glsa/201811-12
by GLSA coordinator Aaron Bauman (b-man).
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 19:50:31 UTC
re-opened for final arches and cleanup.
Comment 10 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:08:53 UTC
arm stable
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:09:12 UTC
s390 stable
Comment 12 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:09:58 UTC
alpha stable
Comment 13 Matt Turner gentoo-dev 2018-12-30 22:16:54 UTC
hppa stable. all arches stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2019-03-10 20:52:57 UTC
@printing, please clean vulnerable.
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2019-04-04 19:22:26 UTC
tree is clean