Opened 7 years ago

Closed 7 years ago

#8841 closed defect (fixed)

ghostscript-9.20 vulnerability fixes.

Reported by: ken@…
Owned by: ken@…
Priority: high
Milestone: 8.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

While I was trying to understand a build failure (which disappeared on a repeat attempt) I discovered that fedora have six patches to fix CVE numbers in ghostscript-9.20.

The numbers (in order of application) are CVE-2016-7979, CVE-2016-7976, CVE-2016-7978, CVE-2016-8602, CVE-2016-7977, CVE-2016-9601.

As is common, Mitre has marked these as Reserved, but there are bugzilla entries in the fedora specfile and from those there is at least one use after free.

I assumed these were fedora patches, but each one is from upstream's git tree so I guess we ought to batch them up as upstream fixes.

I'll do this unless anyone has a good reason not to apply these.

Change History (3)

comment:1 by ken@…, 7 years ago

Owner: changed from blfs-book@… to ken@…
Status: new → assigned

comment:2 by ken@…, 7 years ago

Looking at what is in patches, I'll call it security_fixes to match the older patches.

comment:3 by ken@…, 7 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r18243.
