Launchpad has imported 7 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=431536.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-02-05T11:28:39+00:00 Tomas wrote: Chris Evans of Google security team has reported a buffer overflow in zseticcspace() function in zicc.c. The issue is over-trust of the length of a postscript array which an attacker can set to an arbitrary length. This issue can lead to arbitrary code execution. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/0 ------------------------------------------------------------------------ On 2008-02-05T17:11:58+00:00 Tomas wrote: Created attachment 294020 Patch proposed by Werner Fink Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/1 ------------------------------------------------------------------------ On 2008-02-27T16:42:47+00:00 Tomas wrote: Chris Evans' advisory is public now, lifting embargo: http://scary.beasts.org/security/CESA-2008-001.html Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/2 ------------------------------------------------------------------------ On 2008-02-27T17:44:11+00:00 Fedora wrote: ghostscript-8.15.4-4.fc7 has been submitted as an update for Fedora 7 Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/3 ------------------------------------------------------------------------ On 2008-02-28T21:40:02+00:00 Fedora wrote: ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ghostscript'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-1998 Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/5 ------------------------------------------------------------------------ On 2008-03-03T18:24:12+00:00 Fedora wrote: ghostscript-8.61-8.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/6 ------------------------------------------------------------------------ On 2008-03-06T16:39:07+00:00 Fedora wrote: ghostscript-8.15.4-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/7 ** Changed in: ghostscript (Fedora) Importance: Unknown => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/196397 Title: [ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code To manage notifications about this bug go to: https://bugs.launchpad.net/gs-gpl/+bug/196397/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
