Bug 258424 - print/ghostscript*: potential CVE-2021-3781
Summary: print/ghostscript*: potential CVE-2021-3781
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Document Engineering Group (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-11 10:07 UTC by Kurt Jaeger
Modified: 2021-09-15 06:01 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer 2021-09-11 10:07:09 UTC
See https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/ for more details and

https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde

for a potential fix from upstream. TODO: check if this patch applies and which version of ghostscript it applies to.