[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Apr 2009 17:18:07 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Robert Buchholz <rbu@...too.org>
Cc: oss-security@...ts.openwall.com,
"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request -- ghostscript
Hello Robert,
On Thu, 2009-04-02 at 13:40 +0200, Robert Buchholz wrote:
> On Wednesday 01 April 2009, Jan Lieskovsky wrote:
> > Hello Steve,
> >
> > could you please allocate new CVE ids for the following two
> > Ghostscript issues:
> >
> > 1, DoS (crash) in CCITTFax decoding filter
> > References:
> > https://bugzilla.redhat.com/show_bug.cgi?id=493442
> > https://bugzilla.redhat.com/show_bug.cgi?id=229174
> > -^ original report, so CVE-2007-XXXX will be needed
> > https://bugzilla.redhat.com/show_bug.cgi?id=493442#c1 (PoC)
>
> The Tim Waugh patch has been incorporated here:
> http://svn.ghostscript.com/viewvc?view=rev&revision=8896
>
Currently we are waiting on review for another patch at:
http://bugs.ghostscript.com/show_bug.cgi?id=689917#c11
because the initial patch, you mention, was 'only workaround'.
See Ralph's comment:
http://bugs.ghostscript.com/show_bug.cgi?id=689917#c5
Anyway, the proposed page also shows 1/2 of the page as blank :(.
Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
>
> Robert
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
