[Git][security-tracker-team/security-tracker][master] Add temporary entry for ghostscript issues for -dSAFER sanbox bypasses
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 26 21:01:59 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
746fd106 by Salvatore Bonaccorso at 2018-08-26T20:00:36Z
Add temporary entry for ghostscript issues for -dSAFER sanbox bypasses
Actually each of the found issues should get CVE assigned, but MITRE has
not yet assigned CVEs, so for now tracking those issues under the
temporary item and BTS entry #907332.
CERT tracks this issue under: https://www.kb.cert.org/vuls/id/332928
Patches available as per
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
Thanks: Nicolas Braud-Santoni for starting tracking those issues.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,18 @@
+CVE-2018-XXXX [Multiple -dSAFER sandbox bypass vulnerabilities]
+ - ghostscript <unfixed> (bug #907332)
+ NOTE: https://www.kb.cert.org/vuls/id/332928
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b575e1ec
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8e9ce501
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=241d9111
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e01e77a3
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0d390118
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c3476dde
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b326a716
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=78911a01
+ NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5516c614
CVE-2018-15877 (The Plainview Activity Monitor plugin 4.7.11 for WordPress is ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/746fd10609775956653b6c9d4090d57e10e67853
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/746fd10609775956653b6c9d4090d57e10e67853
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180826/fb87b778/attachment.html>
More information about the debian-security-tracker-commits
mailing list