Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=431536.


------------------------------------------------------------------------
On 2008-02-05T11:28:39+00:00 Tomas wrote:

Chris Evans of the Google security team has reported a buffer overflow in
the zseticcspace() function in zicc.c.  The issue is over-trust of the length
of a PostScript array, which an attacker can set to an arbitrary length.

This issue can lead to arbitrary code execution.

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/0

------------------------------------------------------------------------
On 2008-02-05T17:11:58+00:00 Tomas wrote:

Created attachment 294020
Patch proposed by Werner Fink

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/1

------------------------------------------------------------------------
On 2008-02-27T16:42:47+00:00 Tomas wrote:

Chris Evans' advisory is public now, lifting embargo:

http://scary.beasts.org/security/CESA-2008-001.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/2

------------------------------------------------------------------------
On 2008-02-27T17:44:11+00:00 Fedora wrote:

ghostscript-8.15.4-4.fc7 has been submitted as an update for Fedora 7

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/3

------------------------------------------------------------------------
On 2008-02-28T21:40:02+00:00 Fedora wrote:

ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 testing repository.  If
problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ghostscript'.  You can provide
feedback for this update here:
http://admin.fedoraproject.org/updates/F8/FEDORA-2008-1998

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/5

------------------------------------------------------------------------
On 2008-03-03T18:24:12+00:00 Fedora wrote:

ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/6

------------------------------------------------------------------------
On 2008-03-06T16:39:07+00:00 Fedora wrote:

ghostscript-8.15.4-4.fc7 has been pushed to the Fedora 7 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/7


** Changed in: ghostscript (Fedora)
   Importance: Unknown => High

https://bugs.launchpad.net/bugs/196397

Title:
  [ghostscript] [CVE-2008-0411] buffer overflow in the color space
  handling code

Status in GS-GPL:
  Fix Released
Status in ghostscript package in Ubuntu:
  Fix Released
Status in gs-esp package in Ubuntu:
  Invalid
Status in gs-gpl package in Ubuntu:
  Invalid
Status in ghostscript source package in Dapper:
  Invalid
Status in gs-esp source package in Dapper:
  Fix Released
Status in gs-gpl source package in Dapper:
  Fix Released
Status in ghostscript source package in Edgy:
  Invalid
Status in gs-esp source package in Edgy:
  Fix Released
Status in gs-gpl source package in Edgy:
  Fix Released
Status in ghostscript source package in Feisty:
  Invalid
Status in gs-esp source package in Feisty:
  Fix Released
Status in gs-gpl source package in Feisty:
  Fix Released
Status in ghostscript source package in Gutsy:
  Fix Released
Status in gs-esp source package in Gutsy:
  Invalid
Status in gs-gpl source package in Gutsy:
  Invalid
Status in ghostscript package in Debian:
  Fix Released
Status in ghostscript package in Fedora:
  Fix Released
Status in ghostscript package in Gentoo Linux:
  Fix Released
Status in ghostscript package in Mandriva:
  Unknown

Bug description:
  Binary package hint: gs-gpl

  References:
  DSA-1510-1 (http://www.debian.org/security/2008/dsa-1510)

  Quoting:
  "Chris Evans discovered a buffer overflow in the color space handling
  code of the Ghostscript PostScript/PDF interpreter, which might result
  in the execution of arbitrary code if a user is tricked into processing
  a malformed file."
