1
PublicDateAtUSN: 2017-04-26
2
Candidate: CVE-2017-8291
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
6
https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799)
7
https://bugs.ghostscript.com/show_bug.cgi?id=697799
8
http://www.openwall.com/lists/oss-security/2017/04/27/10
9
https://usn.ubuntu.com/usn/usn-3272-1
11
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote
12
command execution via .rsdparams type confusion with a "/OutputFile
13
(%pipe%" substring in a crafted .eps document that is an input to the gs
14
program, as exploited in the wild in April 2017.
17
sbeattie> introduced regression (LP: #1687614); needs upstream commits
18
57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e and
19
ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
21
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295
22
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1687614
28
upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
29
upstream: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
30
upstream_ghostscript: needs-triage
31
precise_ghostscript: released (9.05~dfsg-0ubuntu4.5)
32
precise/esm_ghostscript: DNE (precise was released [9.05~dfsg-0ubuntu4.5])
33
trusty_ghostscript: released (9.10~dfsg-0ubuntu10.7)
34
vivid/stable-phone-overlay_ghostscript: DNE
35
vivid/ubuntu-core_ghostscript: DNE
36
xenial_ghostscript: released (9.18~dfsg~0-0ubuntu2.4)
37
yakkety_ghostscript: released (9.19~dfsg+1-0ubuntu6.4)
38
zesty_ghostscript: released (9.19~dfsg+1-0ubuntu7.2)
39
devel_ghostscript: released (9.19~dfsg+1-0ubuntu8)