Date: Thu, 02 Apr 2009 17:18:07 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Robert Buchholz <rbu@...too.org>
Cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request -- ghostscript

Hello Robert,

On Thu, 2009-04-02 at 13:40 +0200, Robert Buchholz wrote:
> On Wednesday 01 April 2009, Jan Lieskovsky wrote:
> > Hello Steve,
> >
> >   could you please allocate new CVE ids for the following two
> > Ghostscript issues:
> >
> > 1, DoS (crash) in CCITTFax decoding filter
> >    References:
> >    https://bugzilla.redhat.com/show_bug.cgi?id=493442
> >    https://bugzilla.redhat.com/show_bug.cgi?id=229174
> >    -^ original report, so CVE-2007-XXXX will be needed
> >    https://bugzilla.redhat.com/show_bug.cgi?id=493442#c1 (PoC)
> 
> The Tim Waugh patch has been incorporated here:
> http://svn.ghostscript.com/viewvc?view=rev&revision=8896
> 

Currently we are waiting on review for another patch at:

http://bugs.ghostscript.com/show_bug.cgi?id=689917#c11

because the initial patch you mention was 'only workaround'.

See Ralph's comment:

http://bugs.ghostscript.com/show_bug.cgi?id=689917#c5

Anyway, the proposed page also shows 1/2 of the page as blank :(.

Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

> 
> Robert
