Back to bug 1380327
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-09-29 10:04:40 UTC | Blocks | 1380329 | |
| Salvatore Bonaccorso | 2016-10-03 08:42:03 UTC | CC | carnil | |
| Cedric Buissart | 2016-10-04 15:58:25 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=new,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=notaffected | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=notaffected |
| Cedric Buissart | 2016-10-06 10:01:48 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=new,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=notaffected | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=notaffected |
| David Kaspar // Dee'Kej | 2016-10-07 12:37:00 UTC | Depends On | 1380415 | |
| Cedric Buissart | 2016-10-11 16:00:21 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-10-12 13:20:00 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=new,fedora-all/ghostscript=notaffected | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-18 10:08:11 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=new,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-18 13:14:08 UTC | Doc Text | It was found that ghostscript's -dSAFER option, usually used by scripts when processing untrusted documents, did not prevent the functions getenv and filenameforall to access the machine's environment, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information regarding the target's environment. | |
| Cedric Buissart | 2016-10-18 13:21:50 UTC | Doc Text | It was found that ghostscript's -dSAFER option, usually used by scripts when processing untrusted documents, did not prevent the functions getenv and filenameforall to access the machine's environment, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information regarding the target's environment. | It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information regarding the target's environment. |
| Cedric Buissart | 2016-10-18 13:32:01 UTC | Doc Text | It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information regarding the target's environment. | It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information, environment variable and directory listing respectively, from the target. |
| Cedric Buissart | 2016-10-26 15:53:02 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-31 16:06:48 UTC | Depends On | 1390299 | |
| Cedric Buissart | 2016-10-31 16:06:54 UTC | Depends On | 1390300 | |
| Cedric Buissart | 2016-10-31 16:08:40 UTC | Depends On | 1390301 | |
| Cedric Buissart | 2016-10-31 16:08:47 UTC | Depends On | 1390302 | |
| Cedric Buissart | 2016-11-01 08:41:53 UTC | Depends On | 1390486 | |
| David Kaspar // Dee'Kej | 2016-11-01 14:35:12 UTC | Depends On | 1380415 | |
| David Kaspar // Dee'Kej | 2016-11-04 15:46:11 UTC | Status | NEW | ASSIGNED |
| Tomas Hoger | 2016-11-04 15:54:47 UTC | Status | ASSIGNED | NEW |
| David Kaspar // Dee'Kej | 2016-11-07 17:16:59 UTC | CC | amaris | |
| David Kaspar // Dee'Kej | 2016-11-07 17:16:59 UTC | Flags | needinfo?(amaris) | |
| Adam Mariš | 2016-11-08 08:10:51 UTC | Flags | needinfo?(amaris) | needinfo?(cbuissar) |
| Cedric Buissart | 2016-11-08 11:54:32 UTC | Flags | needinfo?(cbuissar) | |
| Adam Mariš | 2016-11-08 15:57:47 UTC | CC | amaris | |
| Cedric Buissart | 2016-11-28 17:07:57 UTC | Doc Text | It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used by scripts when processing untrusted documents, leading to information disclosure. An attacker could use this flaw to send a specially crafted postscript document for processing and gain information, environment variable and directory listing respectively, from the target. | It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, from the target. |
| Cedric Buissart | 2017-01-04 11:10:03 UTC | Status | NEW | CLOSED |
| Cedric Buissart | 2017-01-04 11:10:03 UTC | Resolution | --- | ERRATA |
| Cedric Buissart | 2017-01-04 11:10:03 UTC | Last Closed | 2017-01-04 06:10:03 UTC | |
| Product Security DevOps Team | 2019-09-29 13:57:05 UTC | Whiteboard | impact=moderate,public=20131021,reported=20160928,source=oss-security,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected | |