Incoming details.
The .buildfont1 does not sufficiently protect its environment. A specially crafted PostScript script can override the typecheck error handler to retrieve a reference to .forceput. This can be used to disable -dSAFER and, for example, access files outside of the restricted area. Upstream patch: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
Ghostscript 9.50 was released on 2019-10-15: https://ghostscript.com/pipermail/gs-devel/2019-October/010232.html """ The more astute among you might notice that 9.28 has morphed into 9.50. In a recent discussion amongst the Ghostscript developers, it became clear that the redesign and reimplementation of the file security features warranted more recognition than just the usual single digit version increment. Hence we opted to bump it up to 9.50. """
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afdbdbedba9222816f18bbf03d102bdb73ce3a15 commit afdbdbedba9222816f18bbf03d102bdb73ce3a15 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-24 22:18:04 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-24 22:29:05 +0000 app-text/ghostscript-gpl: bump to v9.50 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
New GLSA request filed.
This issue was resolved and addressed in GLSA 202004-03 at https://security.gentoo.org/glsa/202004-03 by GLSA coordinator Thomas Deutschmann (whissi).
