Bug 248580 - print/ghostscript9-agpl-base: Fix SAFER Sandbox Breakout vulnerability (CVE-2020-15900)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Mateusz Piotrowski
URL: https://insomniasec.com/blog/ghostscr...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-08-10 17:03 UTC by Vladimir Druzenko
Modified: 2021-01-20 12:46 UTC (History)

See Also:
blackend: maintainer-feedback+
blackend: maintainer-feedback-
koobs: merge-quarterly?


Attachments
Fixed CVE-2020-15900 (1.71 KB, patch)
2020-08-10 17:03 UTC, Vladimir Druzenko
vvd: maintainer-approval? (doceng)
Description Vladimir Druzenko freebsd_committer freebsd_triage 2020-08-10 17:03:55 UTC
Created attachment 217132
Fixed CVE-2020-15900

Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)

This patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2020-08-14 11:03:25 UTC
Is something wrong with the patch?

Tested build on 12.1 and 11.4 amd64.
Comment 2 Marc Fonvieille freebsd_committer freebsd_triage 2020-08-14 11:45:27 UTC
(In reply to VVD from comment #1)
Approved.
Thanks.
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-08-15 02:35:01 UTC
A commit references this bug:

Author: hrs
Date: Sat Aug 15 02:34:43 UTC 2020
New revision: 544907
URL: https://svnweb.freebsd.org/changeset/ports/544907

Log:
  Fix a memory corruption issue which can allow overriding of file
  access controls.

  Security:	CVE-2020-15900
  Security:	https://insomniasec.com/blog/ghostscript-cve-2020-15900
  Obtained from:	https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
  PR:		248580

Changes:
  head/print/ghostscript9-agpl-base/Makefile
  head/print/ghostscript9-agpl-base/files/patch-Resource_Init_FAPIcidfmap
  head/print/ghostscript9-agpl-base/files/patch-configure
  head/print/ghostscript9-agpl-base/files/patch-lcms2mt
  head/print/ghostscript9-agpl-base/files/patch-psi-zstring.c
Comment 4 Hiroki Sato freebsd_committer freebsd_triage 2020-08-15 02:38:14 UTC
Committed to head and will be merged to the quarterly branch.  Thanks for the report.
Comment 5 Jochen Neumeister freebsd_committer freebsd_triage 2020-08-15 09:50:17 UTC
(In reply to Hiroki Sato from comment #4)

Thanks for the commit.

Unfortunately the field "MFH" was not used, so ports-secteam was not informed. 

Please create a vuxml entry for the CVE, after that it is released for 2020Q3.

Best regards
joneum (ports-secteam)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-15 10:34:52 UTC
^Triage: Leave merge-quarterly flag open ? until merged
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-01-17 22:24:10 UTC
A commit references this bug:

Author: 0mp
Date: Sun Jan 17 22:23:35 UTC 2021
New revision: 561880
URL: https://svnweb.freebsd.org/changeset/ports/561880

Log:
  Document ghostscript9-agpl-base vulnerability committed in r544907

  PR:		248580
  Requested by:	joneum (ports-secteam)
  Reported by:	VVD <vvd@unislabs.com>
  MFH:		2021Q1
  Security:	CVE-2020-15900

Changes:
  head/security/vuxml/vuln.xml