FS#60370 - [ghostscript] Backport fixes for CVE-2018-17961

Attached to Project: Arch Linux
Opened by Tommy Schmitt (spinka) - Wednesday, 10 October 2018, 10:36 GMT
Last edited by Andreas Radke (AndyRTR) - Friday, 26 October 2018, 14:05 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Andreas Radke (AndyRTR)
Levente Polyak (anthraxx)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Friday, 26 October 2018, 14:05 GMT
Reason for closing:  Fixed
Additional comments about closing:  9.25-4
Comment by Andreas Radke (AndyRTR) - Wednesday, 10 October 2018, 14:34 GMT
Patches don't apply. This would require backporting. Many more security related commits are pending at upstream git. I assume another quick release that we should wait for.
Comment by Tommy Schmitt (spinka) - Wednesday, 10 October 2018, 16:42 GMT
Sounds reasonable, thx.
Comment by Tommy Schmitt (spinka) - Thursday, 18 October 2018, 14:03 GMT Comment by Jensen McKenzie (your_doomsday) - Tuesday, 23 October 2018, 14:01 GMT
@AndyRTR

I think you can consider switching to upstream git snapshot temporarily until they make new release.

Debian did backport with total of 33 patches but I think this is harder route:
https://salsa.debian.org/printing-team/ghostscript/commit/5c1ed12f4c4eefed920231c7c790458a3000c7f1

Loading...