oss-security - Re: CVE request -- ghostscript

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-Id: <200904021340.04026.rbu@gentoo.org>
Date: Thu, 2 Apr 2009 13:40:00 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: Jan Lieskovsky <jlieskov@...hat.com>,
 "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request -- ghostscript

On Wednesday 01 April 2009, Jan Lieskovsky wrote:
> Hello Steve,
>
>   could you please allocate new CVE ids for the following two
> Ghostscript issues:
>
> 1, DoS (crash) in CCITTFax decoding filter
>    References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=493442
>    https://bugzilla.redhat.com/show_bug.cgi?id=229174
>    -^ original report, so CVE-2007-XXXX will be needed
>    https://bugzilla.redhat.com/show_bug.cgi?id=493442#c1 (PoC)

The Tim Waugh patch has been incorporated here:
http://svn.ghostscript.com/viewvc?view=rev&revision=8896

Robert

Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.