Hi, On Mon, Aug 27, 2018 at 08:34:25PM +0200, Jonas Smedegaard wrote: > Quoting Salvatore Bonaccorso (2018-08-26 21:55:14) > > Hi, > > > > On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote: > > > Tavis Ormandy disclosed a new ghoscript security issue, leading directly > > > to code > > > execution: http://openwall.com/lists/oss-security/2018/08/21/2 > > > > There are actually several issues, see the whole thread. For now since > > you filled this bug will track all those with this bug entry. Proper > > evaluation though is still pending (and Moritz is taking care of > > strech, adding this note to dsa-needed file ("needs some research on > > issues found by Tavis"). > > > > See > > > > https://www.kb.cert.org/vuls/id/332928 > > > > the current set of fixes: > > > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01 > > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614 > > Also http://git.ghostscript.com/?p=ghostpdl.git;h=0b6cd19
A first set of CVEs has now been assigned already: CVE-2018-15908, CVE-2018-15909 and CVE-2018-15910. Regards, Salvatore
