Summary: | print/ghostscript10: please fix CVE-2023-28879 by updating to 10.01.1 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Matthias Andree <mandree> | ||||
Component: | Individual Port(s) | Assignee: | Matthias Andree <mandree> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | diizzy, fernape, michael.osipov, ports-secteam | ||||
Priority: | --- | Keywords: | security | ||||
Version: | Latest | Flags: | michael.osipov:
maintainer-feedback+
mandree: merge-quarterly+ |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270823 | ||||||
Attachments: |
|
Description
Matthias Andree
2023-04-12 20:24:21 UTC
Created attachment 241449 [details]
Patch for ghostscript10 (port only)
Poudriere testport OK - 12.4 amd64, 13.2 i386
Will test as well and give my consent. (In reply to Daniel Engberg from comment #1) The patch works for me, please commit and MFH to 2023Q2. Thank you! ^Triage: reporter is committer, assign accordingly. Also, please remember to add an entry to VuXML: https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify-vuxml-testing cd security/vuxml && make newentry CVE_ID=CVE-2023-28879 should get you half way. A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=83831bbefd984abe6b35bcaa13eb99f60a8fd470 commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470 Author: Daniel Engberg <diizzy@FreeBSD.org> AuthorDate: 2023-04-13 19:18:19 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2023-04-13 19:20:07 +0000 print/ghostscript10: update to 10.01.1 to fix Security: CVE-2023-28879 Security: 25872b25-da2d-11ed-b715-a1e76793953b PR: 270800 Approved by: Michael Osipov (maintainer) MFH: 2023Q2 print/ghostscript10/Makefile | 2 +- print/ghostscript10/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) A commit in branch 2023Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2 commit 0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2 Author: Daniel Engberg <diizzy@FreeBSD.org> AuthorDate: 2023-04-13 19:18:19 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2023-04-13 19:20:39 +0000 print/ghostscript10: update to 10.01.1 to fix Security: CVE-2023-28879 Security: 25872b25-da2d-11ed-b715-a1e76793953b PR: 270800 Approved by: Michael Osipov (maintainer) MFH: 2023Q2 (cherry picked from commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470) print/ghostscript10/Makefile | 2 +- print/ghostscript10/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) |