Bug 121283 - [PATCH]print/ghostscript-gpl: fix security hole in 8.61
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Rong-En Fan
Reported: 2008-03-02 11:20 UTC by bf
Modified: 2008-03-05 07:13 UTC

Attachments
file.diff (1.06 KB, patch)
2008-03-02 11:20 UTC, bf

Description bf 2008-03-02 11:20:03 UTC
Fix CVE-2008-0411 (

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0411
http://scary.beasts.org/security/CESA-2008-001.html

), using a Red Hat patch from:

https://bugzilla.redhat.com/attachment.cgi?id=294020

and bump portrevision.  The new version hasn't been in ports long, but
I guess a vuxml entry should be added, to be on the safe side.

Fix: Patch attached with submission follows:
Comment 1 bf 2008-03-02 11:56:09 UTC
I should mention that this security problem is said to
exist with some ghostscript versions prior to 8.61.


Comment 2 bf 2008-03-02 12:14:54 UTC
I should also mention that versions of ghostscript
prior to 8.61 may suffer from the remote security
vulnerability CVE-2007-2721 in the bundled jasper
code. See:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2721

This vulnerability has been fixed in the latest
ghostscript 8.61 source code tarballs, using a fix
from:

http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg118235.html

This should probably also be noted in vuxml.



Comment 3 Rong-En Fan freebsd_committer freebsd_triage 2008-03-02 12:39:58 UTC
Responsible Changed
From-To: freebsd-ports-bugs->rafan

I'll take it.
Comment 4 dfilter service freebsd_committer freebsd_triage 2008-03-02 12:43:36 UTC
rafan       2008-03-02 12:43:31 UTC

  FreeBSD ports repository

  Modified files:
    print/ghostscript-gpl Makefile.inc 
  Added files:
    print/ghostscript-gpl/files patch-src__zicc.c 
  Log:
  - Fix security issue
  
  PR:             ports/121283
  Security:       CVE-2008-0411
  Submitted by:   bf <bf2006a at yahoo.com>
  
  Revision  Changes    Path
  1.26      +2 -2      ports/print/ghostscript-gpl/Makefile.inc
  1.1       +12 -0     ports/print/ghostscript-gpl/files/patch-src__zicc.c (new)
Comment 5 Rong-En Fan freebsd_committer freebsd_triage 2008-03-05 07:13:37 UTC
State Changed
From-To: open->closed

Committed. Vuxml entry added. Thanks!