Created attachment 217132 [details]
Ghostscript SAFER Sandbox Breakout (CVE-2020-15900)
This patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
Something wrong with patch?
Tested build on 12.1 and 11.4 amd64.
(In reply to VVD from comment #1)
A commit references this bug:
Date: Sat Aug 15 02:34:43 UTC 2020
New revision: 544907
Fix a memory corruption issue which can allow overriding of file
Obtained from: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499
Committed to head and will be merged to the quarterly branch. Thanks for the report.
(In reply to Hiroki Sato from comment #4)
Thanks for the commit.
Unfortunately the field "MFH" was not used, so ports-secteam was not informed.
Please create a vuxml entry for the CVE, after that it is released for 2020Q3.
^Triage: Leave merge-quarterly flag open ? until merged