Bug 270800 - print/ghostscript10: please fix CVE-2023-28879 by updating to 10.01.1
Summary: print/ghostscript10: please fix CVE-2023-28879 by updating to 10.01.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Matthias Andree
URL: https://artifex.com/news/critical-sec...
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-04-12 20:24 UTC by Matthias Andree
Modified: 2023-04-13 19:32 UTC (History)
4 users (show)

See Also:
michael.osipov: maintainer-feedback+
mandree: merge-quarterly+

Attachments
Patch for ghostscript10 (port only) (946 bytes, patch)
2023-04-12 21:50 UTC, Daniel Engberg 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Andree freebsd_committer freebsd_triage 2023-04-12 20:24:21 UTC 
Please update to 10.01.1 which fixes CVE-2023-28879, and add a vulndb entry, see https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2023-04-12 21:50:30 UTC 
Created attachment 241449 [details]
Patch for ghostscript10 (port only)

Poudriere testport OK - 12.4 amd64, 13.2 i386
Comment 2 Michael Osipov 2023-04-13 06:18:18 UTC 
Will test as well and give my consent.
Comment 3 Michael Osipov 2023-04-13 08:09:26 UTC 
(In reply to Daniel Engberg from comment #1)

The patch works for me, please commit and MFH to 2023Q2.

Thank you!
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2023-04-13 08:58:03 UTC 
^Triage: reporter is committer, assign accordingly.
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2023-04-13 09:01:48 UTC 
Also, please remember to add an entry to VuXML: https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify-vuxml-testing

cd security/vuxml && make newentry CVE_ID=CVE-2023-28879 should get you half way.
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-04-13 19:21:04 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=83831bbefd984abe6b35bcaa13eb99f60a8fd470

commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-04-13 19:18:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-13 19:20:07 +0000

    print/ghostscript10: update to 10.01.1

    to fix
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
    PR:             270800
    Approved by:    Michael Osipov (maintainer)
    MFH:            2023Q2

 print/ghostscript10/Makefile | 2 +-
 print/ghostscript10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-04-13 19:24:06 UTC 
A commit in branch 2023Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2

commit 0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-04-13 19:18:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-13 19:20:39 +0000

    print/ghostscript10: update to 10.01.1

    to fix
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
    PR:             270800
    Approved by:    Michael Osipov (maintainer)
    MFH:            2023Q2

    (cherry picked from commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470)

 print/ghostscript10/Makefile | 2 +-
 print/ghostscript10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)