oss-sec mailing list archives
Re: CVE request -- ghostscript
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 02 Apr 2009 17:18:07 +0200
Hello Robert, On Thu, 2009-04-02 at 13:40 +0200, Robert Buchholz wrote:
On Wednesday 01 April 2009, Jan Lieskovsky wrote:Hello Steve, could you please allocate new CVE ids for the following two Ghostscript issues: 1, DoS (crash) in CCITTFax decoding filter References: https://bugzilla.redhat.com/show_bug.cgi?id=493442 https://bugzilla.redhat.com/show_bug.cgi?id=229174 -^ original report, so CVE-2007-XXXX will be needed https://bugzilla.redhat.com/show_bug.cgi?id=493442#c1 (PoC)The Tim Waugh patch has been incorporated here: http://svn.ghostscript.com/viewvc?view=rev&revision=8896
Currently we are waiting on review for another patch at: http://bugs.ghostscript.com/show_bug.cgi?id=689917#c11 because the initial patch, you mention, was 'only workaround'. See Ralph's comment: http://bugs.ghostscript.com/show_bug.cgi?id=689917#c5 Anyway, the proposed page also shows 1/2 of the page as blank :(. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Robert
Current thread:
- CVE request -- ghostscript Jan Lieskovsky (Apr 01)
- Re: CVE request -- ghostscript Robert Buchholz (Apr 02)
- Re: CVE request -- ghostscript Jan Lieskovsky (Apr 02)
- Re: (Sort of urgent) CVE request -- ghostscript Jan Lieskovsky (Apr 08)
- Re: (Sort of urgent) CVE request -- ghostscript Steven M. Christey (Apr 08)
- Re: CVE request -- ghostscript Robert Buchholz (Apr 02)