Date:      Thu, 13 Apr 2023 19:20:17 GMT
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: fde757cb0304 - main - security/vuxml: ghostscript < 10.01.1 buffer overflow
Message-ID:  <202304131920.33DJKHdG040295@gitrepo.freebsd.org>

The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fde757cb030425429db6ec928cb04cf365c8e1df

commit fde757cb030425429db6ec928cb04cf365c8e1df
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-04-13 19:16:47 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-13 19:20:07 +0000

    security/vuxml: ghostscript < 10.01.1 buffer overflow
    
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
    Security:       CVE-2023-28879
---
 security/vuxml/vuln/2023.xml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index fb525b701160..c3ca8728e446 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,41 @@
+  <vuln vid="25872b25-da2d-11ed-b715-a1e76793953b">
+    <topic>ghostscript10 -- exploitable buffer overflow</topic>
+    <affects>
+      <package><name>ghostscript</name> <range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript7-base</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript7-commfont</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript7-korfont</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript7-x11</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript8-base</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript8-x11</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript9-agpl-base</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript9-agpl-x11</name><range><lt>10.01.0</lt></range></package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>cve@mitre.org reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2023/04/12/4">;
+	  <p>In Artifex Ghostscript through 10.01.0, there is a buffer overflow
+	leading to potential corruption of data internal to the PostScript
+	interpreter, in base/sbcp.c.  This affects BCPEncode, BCPDecode,
+	TBCPEncode, and TBCPDecode.  If the write buffer is filled to one
+	byte less than full, and one then tries to write an escaped character,
+	two bytes are written.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-28879</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2023-28879</url>;
+      <url>https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript</url>;
+    </references>
+    <dates>
+      <discovery>2023-03-23</discovery>
+      <entry>2023-04-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="96d6809a-81df-46d4-87ed-2f78c79f06b1">
     <topic>zeek -- potential DoS vulnerabilities</topic>
     <affects>
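Review bot: The `<range><lt>10.01.0</lt></range>` bound on every `<package>` line in `<affects>` leaves 10.01.0 itself unmatched, although the quoted advisory says the overflow is present "through 10.01.0" and the commit subject says `< 10.01.1`; a host running 10.01.0 would therefore not be reported as vulnerable by tooling that consumes this entry. Each bound should read `<range><lt>10.01.1</lt></range>`. The topic names ghostscript10, but there is no `<name>ghostscript10</name>` in the list, so if that port's package uses that name it needs its own `<package>` line (to be confirmed against the ports tree). The `;` after `>` on the `<body>`, `<blockquote>` and `<url>` lines is probably an artefact of the mail archive's link rendering, but if it is in the committed file it is stray text that should be removed.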


