oss-sec mailing list archives

Re: CVE request: ghostscript

From: Josh Bressers <bressers () redhat com>
Date: Mon, 12 Jul 2010 14:33:49 -0400 (EDT)

----- "Marc Deslauriers" <marc.deslauriers () canonical com> wrote:

On Mon, 2010-07-12 at 11:00 -0600, Vincent Danen wrote:

* [2010-07-12 12:48:35 -0400] Dan Rosenberg wrote:

I believe this is identical to CVE-2010-1869
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1869).


They don't look identical to me.  Patches differ, upstream bugs differ.

Can't really do anything hands-on to test since the PoC attached to the
upstream bug is private.


The reproducer for CVE-2010-1869 does trigger it on 8.64 for me, but I
would consider it a separate issue.


We'll give it a seperate CVE id, it seems to be a different issue.

As it's from 2009:

Use CVE-2009-4897

Thanks.

-- 
    JB

Current thread:

CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
  - Re: CVE request: ghostscript Vincent Danen (Jul 12)
    - Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
    - Re: CVE request: ghostscript Marc Deslauriers (Jul 12)
    - Re: CVE request: ghostscript Josh Bressers (Jul 12)