Re: ghostscript vulnerabilities

2016-11-06 Thread Ludovic Courtès
Hi Didier, Didier Link skribis: > I've just released a gnu-ghostscript point release with the CVE patches > adapted by Mark (really thanks !!!). Thank you! > For the CVE-2016-7977 I've see that the file concerned was modified in > later release of gpl-ghostscript, I

Re: ghostscript vulnerabilities

2016-11-06 Thread Didier Link
Le 16/10/2016 à 17:47, Alex Vong a écrit : > Hello, > > I notice the patch for CVE-2016-7977[0] handles the problem differently > than GNU Ghostscript[1] does. Maybe you can take a look at it. > > [0]: >

Re: ghostscript vulnerabilities

2016-10-16 Thread Alex Vong
Hello, I notice the patch for CVE-2016-7977[0] handles the problem differently than GNU Ghostscript[1] does. Maybe you can take a look at it. [0]: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 [1]:

Re: ghostscript vulnerabilities

2016-10-16 Thread Didier Link
Hello all I will review the Mark's patches and apply them for a security release next week. Thanks for your help ! Best regards Didier Le 15/10/2016 à 09:36, Mark H Weaver a écrit : > l...@gnu.org (Ludovic Courtès) writes: > >> Hello Didier and all, >> >> We are wondering about the

Re: ghostscript vulnerabilities

2016-10-15 Thread Mark H Weaver
l...@gnu.org (Ludovic Courtès) writes: > Hello Didier and all, > > We are wondering about the applicability to GNU Ghostscript of the > recent vulnerabilities discovered in AGPL Ghostscript: > > Alex Vong skribis: > >> Salvatore Bonaccorso writes: >>

Re: ghostscript vulnerabilities

2016-10-12 Thread Ludovic Courtès
Hello Didier and all, We are wondering about the applicability to GNU Ghostscript of the recent vulnerabilities discovered in AGPL Ghostscript: Alex Vong skribis: > Salvatore Bonaccorso writes: > >>

Re: ghostscript vulnerabilities

2016-10-12 Thread Leo Famulari
On Wed, Oct 12, 2016 at 12:20:39PM -0400, Leo Famulari wrote: > I don't know the relationship between GNU Ghostscript and "upstream" > Ghostscript. Can anyone explain why GNU offers its own distribution? Some history here: https://en.wikipedia.org/wiki/Ghostscript#History Hopefully the upstream

Re: ghostscript vulnerabilities

2016-10-12 Thread Leo Famulari
On Wed, Oct 12, 2016 at 11:29:07PM +0800, Alex Vong wrote: > > Package: ghostscript > > CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 > > CVE-2016-7979 CVE-2016-8602 > > Debian Bug : 839118 839260 839841 839845 839846 840451 > > > > Several

ghostscript vulnerabilities

2016-10-12 Thread Alex Vong
Hello, Below are from the security announcement list: Salvatore Bonaccorso writes: > - > Debian Security Advisory DSA-3691-1 secur...@debian.org > https://www.debian.org/security/