GNU bug report logs - #32663
[PATCH 0/2] Ghostscript fixes

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Sat, 8 Sep 2018 11:09:02 UTC

Severity: normal

Tags: patch

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Marius Bakke <mbakke <at> fastmail.com>
To: 32663 <at> debbugs.gnu.org
Subject: [bug#32663] [PATCH 0/2] Ghostscript fixes
Date: Sat,  8 Sep 2018 13:08:16 +0200

These patches aim to fix the recent security issues in Ghostscript.
I have verified that the reproducers in
<https://bugs.chromium.org/p/project-zero/issues/detail?id=1640> no
longer work with these patches.

Marius Bakke (2):
  gnu: jbig2dec: Replace with 0.15 [security fixes].
  gnu: ghostscript: Update replacement to 9.24 [security fixes].

 gnu/local.mk                                  |   2 +-
 gnu/packages/ghostscript.scm                  |  36 +++-
 gnu/packages/image.scm                        |  15 ++
 .../patches/ghostscript-CVE-2018-10194.patch  |  52 -----
 .../patches/ghostscript-CVE-2018-16509.patch  | 193 ++++++++++++++++++
 5 files changed, 242 insertions(+), 56 deletions(-)
 delete mode 100644 gnu/packages/patches/ghostscript-CVE-2018-10194.patch
 create mode 100644 gnu/packages/patches/ghostscript-CVE-2018-16509.patch

-- 
2.18.0
This bug report was last modified 6 years and 106 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.