Author: carnil
Date: 2017-04-21 05:23:57 +0000 (Fri, 21 Apr 2017)
New Revision: 50869

Modified:
   data/CVE/list
Log:
Update information for CVE-2017-7948/ghostscript

The issue is just uncovered in the source code since the edgebuffer scan
converter is enabled by default via
http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308

git bisect start
git bisect bad 0f598a2c56f2ccec4ecf67f8f585a340b04057ef
git bisect bad 063416192c169889ef0b227aab5d912f71640590
git bisect bad eb6ebd779b24cf36ac8dd13e3553c9b262235b37
git bisect good cc35e521d8fb162f97252a3509b9041f4253b818
git bisect good 66361d261c6cdcf4d01463ac9d1d769951a32bed
git bisect bad b8b1d543fe833478c167940110e04ddc353d0f3b
git bisect bad dd5da2cb3e08398ac6d86598b36b00994d058308
git bisect good c4bff06c6c527af4cdddc2bd4cbd6fef8ffa4e22

Since the vulnerable code still is there in unstable, mark as <unfixed>
(unimportant), but whenever it gets a newer version where the edgebuffer
scan converter is enabled by default (e.g. 9.21) then it needs to be made
sure this commit
http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
is included.

Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-21 05:23:39 UTC (rev 50868) +++ data/CVE/list 2017-04-21 05:23:57 UTC (rev 50869) 
@@ -71,12 +71,13 @@ CVE-2017-7949 RESERVED CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...) - - ghostscript <unfixed> + - ghostscript <unfixed> (unimportant) [jessie] - ghostscript <not-affected> (Vulnerable code not present) [wheezy] - ghostscript <not-affected> (Vulnerable code not present) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762 - NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 - NOTE: The problem lies in base/gxscanc.c, a new scan converter introduced in 9.20. However I can't reproduce the segfault with 9.20~dfsg-3 on sid/amd64. -- Raphael Hertzog + NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 + NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 + NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present. CVE-2017-7947 RESERVED CVE-2016-10347
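Review bot: The last added NOTE names base/gxscan.c, while the NOTE it replaces named base/gxscanc.c; the two should agree, and the new line most likely dropped a "c". The replacement also removes the observation that the segfault could not be reproduced with 9.20~dfsg-3 on sid/amd64, which is the evidence a later reader needs to understand the new (unimportant) tag on the unstable entry; consider keeping that version in the NOTE. The condition from the commit log, that the "Fixed by" commit must be present once a version with the edgebuffer scan converter enabled by default is packaged, is not recorded in the tracker entry itself; a short NOTE stating it next to the "made default only in" line would keep the (unimportant) tag from outliving its justification.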