oss-sec mailing list archives
Re: CVE request: ghostscript
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 12 Jul 2010 11:00:56 -0600
* [2010-07-12 12:48:35 -0400] Dan Rosenberg wrote:
I believe this is identical to CVE-2010-1869 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1869).
They don't look identical to me. Patches differ, upstream bugs differ. Can't really do anything hands-on to test since the PoC attached to the upstream bug is private.
On Mon, Jul 12, 2010 at 12:28 PM, Marc Deslauriers <marc.deslauriers () canonical com> wrote:Hi, I don't think this ever got a CVE: A memory corruption vulnerability in Ghostscript 8.64 and earlier caused by long names can lead to arbitrary code execution. http://bugs.ghostscript.com/show_bug.cgi?id=690523 http://svn.ghostscript.com/viewvc?view=rev&revision=9797
--Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Josh Bressers (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)