Bug 270800 - print/ghostscript10: please fix CVE-2023-28879 by updating to 10.01.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Matthias Andree
URL: https://artifex.com/news/critical-sec...
Keywords: security
Reported: 2023-04-12 20:24 UTC by Matthias Andree
Modified: 2023-04-13 19:32 UTC

michael.osipov: maintainer-feedback+
mandree: merge-quarterly+


Attachments
Patch for ghostscript10 (port only) (946 bytes, patch)
2023-04-12 21:50 UTC, Daniel Engberg

Description Matthias Andree freebsd_committer freebsd_triage 2023-04-12 20:24:21 UTC
Please update to 10.01.1 which fixes CVE-2023-28879, and add a vulndb entry, see https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2023-04-12 21:50:30 UTC
Created attachment 241449
Patch for ghostscript10 (port only)

Poudriere testport OK - 12.4 amd64, 13.2 i386
Comment 2 Michael Osipov 2023-04-13 06:18:18 UTC
Will test as well and give my consent.
Comment 3 Michael Osipov 2023-04-13 08:09:26 UTC
(In reply to Daniel Engberg from comment #1)

The patch works for me, please commit and MFH to 2023Q2.

Thank you!
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2023-04-13 08:58:03 UTC
^Triage: reporter is committer, assign accordingly.
Comment 5 Fernando Apesteguía freebsd_committer freebsd_triage 2023-04-13 09:01:48 UTC
Also, please remember to add an entry to VuXML: https://docs.freebsd.org/en/books/porters-handbook/book/#security-notify-vuxml-testing

cd security/vuxml && make newentry CVE_ID=CVE-2023-28879 should get you half way.
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-04-13 19:21:04 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=83831bbefd984abe6b35bcaa13eb99f60a8fd470

commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-04-13 19:18:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-13 19:20:07 +0000

    print/ghostscript10: update to 10.01.1

    to fix
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
    PR:             270800
    Approved by:    Michael Osipov (maintainer)
    MFH:            2023Q2

 print/ghostscript10/Makefile | 2 +-
 print/ghostscript10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-04-13 19:24:06 UTC
A commit in branch 2023Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2

commit 0d5a7e35c0d07e17650cfdcd58b0a0e7e815d7f2
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-04-13 19:18:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-13 19:20:39 +0000

    print/ghostscript10: update to 10.01.1

    to fix
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
    PR:             270800
    Approved by:    Michael Osipov (maintainer)
    MFH:            2023Q2

    (cherry picked from commit 83831bbefd984abe6b35bcaa13eb99f60a8fd470)

 print/ghostscript10/Makefile | 2 +-
 print/ghostscript10/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)