Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 23 Apr 2023 09:36:56 GMT
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: e73586a6d60a - main - security/vuxml: fix up ghostscript version range of CVE-2023-28879
Message-ID:  <202304230936.33N9au1d003501@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e73586a6d60ae9695b97962977807af6889b1525

commit e73586a6d60ae9695b97962977807af6889b1525
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-04-21 18:09:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-21 18:09:19 +0000

    security/vuxml: fix up ghostscript version range of CVE-2023-28879
    
    Pointy hat to:  mandree@ for misreading the quoted Artifex page
    Reported by:    Nicholas Taylor <nicholas.e.taylor@gmail.com>
    PR:             270823 (comment #3)
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
---
 security/vuxml/vuln/2023.xml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 7c346be72fac..6b5ae5611120 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -210,16 +210,16 @@
   <vuln vid="25872b25-da2d-11ed-b715-a1e76793953b">
     <topic>ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter</topic>
     <affects>
-      <package><name>ghostscript</name> <range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-commfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-korfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-x11</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript8-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript8-x11</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript9-agpl-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript9-agpl-x11</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript</name> <range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-commfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-korfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-x11</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript8-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript8-x11</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript9-agpl-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript9-agpl-x11</name><range><lt>10.01.1</lt></range></package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">;
@@ -242,6 +242,7 @@
     <dates>
       <discovery>2023-03-23</discovery>
       <entry>2023-04-13</entry>
+      <updated>2023-04-23</updated>
     </dates>
   </vuln>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304230936.33N9au1d003501>