Bug 27037 - ghostscript new security issue CVE-2020-15900
Summary: ghostscript new security issue CVE-2020-15900
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-05 00:12 CEST by David Walser
Modified: 2020-08-07 10:36 CEST (History)
1 user (show)

See Also:
Source RPM: ghostscript-9.52-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-08-05 00:12:42 CEST 
Ubuntu has issued an advisory on August 3:
https://ubuntu.com/security/notices/USN-4445-1

Mageia 7 is also affected.
David Walser 2020-08-05 00:12:50 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 David Walser 2020-08-05 00:55:40 CEST 
openSUSE has issued an advisory for this today (August 4):
https://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html
Comment 2 Lewis Smith 2020-08-05 20:04:17 CEST 
Having to assign this globally as Ghostscript has no evident maintainer.

Assignee: bugsquad => pkg-bugs

Comment 3 Nicolas Salguero 2020-08-06 08:33:28 CEST 
It seems only versions 8.5x are affected: https://security-tracker.debian.org/tracker/CVE-2020-15900

Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero

Comment 4 Nicolas Salguero 2020-08-07 10:36:03 CEST 
Hi,

ghostscript-9.52-2.mga8 and ghostpcl-9.52-2.mga8 fix that issue.

Best regards,

Nico

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.