Bug 248580 - print/ghostscript9-agpl-base: Fix SAFER Sandbox Breakout vulnerability (CVE-2020-15900)
Summary: print/ghostscript9-agpl-base: Fix SAFER Sandbox Breakout vulnerability (CVE-2...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Mateusz Piotrowski
URL: https://insomniasec.com/blog/ghostscr...
Keywords: needs-qa, security
Depends on:
Reported: 2020-08-10 17:03 UTC by VVD
Modified: 2021-01-20 12:46 UTC (History)
7 users (show)

See Also:
blackend: maintainer-feedback+
blackend: maintainer-feedback-
koobs: merge-quarterly?

Fixed CVE-2020-15900 (1.71 KB, patch)
2020-08-10 17:03 UTC, VVD
vvd: maintainer-approval? (doceng)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VVD 2020-08-10 17:03:55 UTC
Created attachment 217132 [details]
Fixed CVE-2020-15900

Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)

This patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
Comment 1 VVD 2020-08-14 11:03:25 UTC
Something wrong with patch?

Tested build on 12.1 and 11.4 amd64.
Comment 2 Marc Fonvieille freebsd_committer 2020-08-14 11:45:27 UTC
(In reply to VVD from comment #1)
Comment 3 commit-hook freebsd_committer 2020-08-15 02:35:01 UTC
A commit references this bug:

Author: hrs
Date: Sat Aug 15 02:34:43 UTC 2020
New revision: 544907
URL: https://svnweb.freebsd.org/changeset/ports/544907

  Fix a memory corruption issue which can allow overriding of file
  access controls.

  Security:	CVE-2020-15900
  Security:	https://insomniasec.com/blog/ghostscript-cve-2020-15900
  Obtained from:	https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499
  PR:		248580

Comment 4 Hiroki Sato freebsd_committer 2020-08-15 02:38:14 UTC
Committed to head and will be merged to the quarterly branch.  Thanks for the report.
Comment 5 Jochen Neumeister freebsd_committer 2020-08-15 09:50:17 UTC
(In reply to Hiroki Sato from comment #4)

Thanks for the commit.

Unfortunately the field "MFH" was not used, so ports-secteam was not informed. 

Please create a vuxml entry for the CVE, after that it is released for 2020Q3.

Best regards
joneum (ports-secteam)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-15 10:34:52 UTC
^Triage: Leave merge-quarterly flag open ? until merged
Comment 7 commit-hook freebsd_committer 2021-01-17 22:24:10 UTC
A commit references this bug:

Author: 0mp
Date: Sun Jan 17 22:23:35 UTC 2021
New revision: 561880
URL: https://svnweb.freebsd.org/changeset/ports/561880

  Document ghostscript9-agpl-base vulnerability committed in r544907

  PR:		248580
  Requested by:	joneum (ports-secteam)
  Reported by:	VVD <vvd@unislabs.com>
  MFH:		2021Q1
  Security:	CVE-2020-15900