oss-security - Re: (Sort of urgent) CVE request -- ghostscript

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 08 Apr 2009 10:13:40 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: (Sort of urgent) CVE request -- ghostscript

Hello Steve,

  could you please allocate new CVE ids for the following
two issues?

Thank you, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

On Wed, 2009-04-01 at 21:43 +0200, Jan Lieskovsky wrote:
> Hello Steve,
> 
>   could you please allocate new CVE ids for the following two 
> Ghostscript issues:
> 
> 1, DoS (crash) in CCITTFax decoding filter
>    References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=493442
>    https://bugzilla.redhat.com/show_bug.cgi?id=229174 
>    -^ original report, so CVE-2007-XXXX will be needed
>    https://bugzilla.redhat.com/show_bug.cgi?id=493442#c1 (PoC)
> 
> 
> 2, Buffer overflow in BaseFont writer module for pdfwrite defice
>    References:
>    https://bugzilla.redhat.com/show_bug.cgi?id=493445
>    http://bugs.ghostscript.com/show_bug.cgi?id=690211
>    -^ upstream bug report, so CVE-2008-XXXX will be needed
>    http://svn.ghostscript.com/viewvc?view=rev&sortby=rev&revision=9304 (upstream patch)
> 
> 
> Thanks, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
> 
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.