oss-sec mailing list archives

Re: CVE request: ghostscript and gv


From: Josh Bressers <bressers () redhat com>
Date: Tue, 1 Jun 2010 15:25:46 -0400 (EDT)

----- "Michael Gilbert" <michael.s.gilbert () gmail com> wrote:

In the Debian bug report Paul also mentions that gv creates a
temporary file in an insecure way:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10

Should the insecure temp file get its own id since it is rather
different than the original problem?


Sigh, yes. I need to read the whole mail next time :(

So to recap:

CVE-2010-2055 ghostscript and gv unsafe CWD init file usage
CVE-2010-2056 ghostscript insecure /tmp use

-- 
    JB

