[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#32663] [PATCH 0/2] Ghostscript fixes
|
From: |
Marius Bakke |
|
Subject: |
[bug#32663] [PATCH 0/2] Ghostscript fixes |
|
Date: |
Sun, 09 Sep 2018 14:27:39 +0200 |
|
User-agent: |
Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) |
Leo Famulari <address@hidden> writes:
> On Sat, Sep 08, 2018 at 01:08:16PM +0200, Marius Bakke wrote:
>> These patches aim to fix the recent security issues in Ghostscript.
>> I have verified that the reproducers in
>> <https://bugs.chromium.org/p/project-zero/issues/detail?id=1640> no
>> longer work with these patches.
>>
>> Marius Bakke (2):
>> gnu: jbig2dec: Replace with 0.15 [security fixes].
>> gnu: ghostscript: Update replacement to 9.24 [security fixes].
>
> Thanks! Looks good to me assuming Ghostscript 9.24 is ABI compatible
> with 9.23.
There are changes[0], but they are internal to the library and so
*should* be harmless. Unfortunately I haven't been able to get the
--drop-private-types or --harmless options of abidiff working.
The same goes for jbig2dec, although it's more complicated since it
includes a static library (to be removed on core-updates). It does not
look like any of the consumers actually use it, though.
Will push this after some more testing, as well as including the patch
suggested by Tavis on oss-sec.
[0] <https://bugs.gnu.org/32670>
signature.asc
Description: PGP signature