[bts-link] source package ghostscript
bts-link-upstream at lists.alioth.debian.org
bts-link-upstream at lists.alioth.debian.org
Mon Oct 10 17:34:05 UTC 2016
#
# bts-link upstream status pull for source package ghostscript
# see http://lists.debian.org/debian-devel-announce/2006/05/msg00001.html
#
user bts-link-upstream at lists.alioth.debian.org
# remote status report for #839260 (http://bugs.debian.org/839260)
# Bug title: ghostscript: CVE-2016-7976: various userparams allow %pipe% in paths, allowing remote shell command execution
# * http://bugs.ghostscript.com/show_bug.cgi?id=697178
# * remote status changed: (?) -> RESOLVED
# * remote resolution changed: (?) -> FIXED
# * closed upstream
tags 839260 + fixed-upstream
usertags 839260 + status-RESOLVED resolution-FIXED
# remote status report for #839841 (http://bugs.debian.org/839841)
# Bug title: ghostscript: CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing remote file disclosure
# * http://bugs.ghostscript.com/show_bug.cgi?id=697169
# * remote status changed: (?) -> RESOLVED
# * remote resolution changed: (?) -> FIXED
# * closed upstream
tags 839841 + fixed-upstream
usertags 839841 + status-RESOLVED resolution-FIXED
thanks
More information about the Bts-link-upstream
mailing list