Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Oct 2018 13:13:41 -0400
From: Leo Famulari <leo@...ulari.name>
To: Tavis Ormandy <taviso@...gle.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: ghostscript: bypassing executeonly to escape
 -dSAFER sandbox (CVE-2018-17961)

On Tue, Oct 09, 2018 at 06:58:39AM -0700, Tavis Ormandy wrote:
> The fix is public now, here are the necessary commit:
> 
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94

Thanks. Does anyone have a patch or patch series that applies to a
released version of Ghostscript? It's difficult to figure out how to
safely adapt these patches to either Ghostscript 9.24 or 9.25.

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.