Bug 27037

Summary: ghostscript new security issue CVE-2020-15900
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: nicolas.salguero
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ghostscript-9.52-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2020-08-05 00:12:42 CEST 
Ubuntu has issued an advisory on August 3:
https://ubuntu.com/security/notices/USN-4445-1

Mageia 7 is also affected.
David Walser 2020-08-05 00:12:50 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2020-08-05 00:55:40 CEST 
openSUSE has issued an advisory for this today (August 4):
https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html
Comment 2 Lewis Smith 2020-08-05 20:04:17 CEST 
Having to assign this globally as Ghostscript has no evident maintainer.

Assignee: bugsquad => pkg-bugs

Comment 3 Nicolas Salguero 2020-08-06 08:33:28 CEST 
It seems only versions 8.5x are affected: https://security-tracker.debian.org/tracker/CVE-2020-15900

Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero

Comment 4 Nicolas Salguero 2020-08-07 10:36:03 CEST 
Hi,

ghostscript-9.52-2.mga8 and ghostpcl-9.52-2.mga8 fix that issue.

Best regards,

Nico

Resolution: (none) => FIXED
Status: NEW => RESOLVED