Fedora has issued an advisory on August 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ERSZX5LKDWAHZWJYBMP2E2UHOPUCDEGV/ The issue is fixed upstream in 9.56.1.
I'm working on it.
CC: (none) => jean-pierre
Hi, Please do not update to 9.56.1 because that might cause printing issues, for instance. The good method is to add or backport the patch(es) solving the CVE. Best regards.
Hi, There is no patch available for our version (9.53.3). The source code is too different (for me at least) to adapt a patch with the one published by the editor.
It's a one-line change. Does our version not have something similar? https://git.ghostscript.com/?p=ghostpdl.git;a=blobdiff;f=base/gdevmx.c;h=89e9ff774583afaf53f0f80ec75cdca439cb56b6;hp=08b0cbcfe1afc14a6cf34bbc16d71af44cbc0171;hb=ae1061d948d88667bdf51d47d918c4684d0f67df;hpb=b3173bfc5f5d60adcb80c10d7ce4cdd1492dfea9
I didn't find it and the source code is really different (different call structure for mem_device and mem_initialize_device_procs doesn't exist).
I guess we'll have to see if another distro backports a fix for this (if 9.53 is affected).
Regarding Debian, 9.53.3 is vulnerable. https://security-tracker.debian.org/tracker/CVE-2022-2085 I dug in other distros without any result.
Ubuntu has issued an advisory for this on September 27: https://ubuntu.com/security/notices/USN-5643-1
Hi, Debian (https://security-tracker.debian.org/tracker/CVE-2022-2085) now says: """ Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;h=6f332dd0baee0135ebff0bf25c56e9adff0f944a (ghostpdl-9.55.0rc1) """ So I think the version of ghostscript in Mageia 8 is not affected. Best regards,
Thanks.
Resolution: (none) => INVALID
Status: NEW => RESOLVED