Back to bug 1383940
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Cedric Buissart | 2016-10-12 08:18:31 UTC | Blocks | 1380329 | |
| Cedric Buissart | 2016-10-12 08:18:53 UTC | Depends On | 1383941 | |
| Cedric Buissart | 2016-10-12 09:51:34 UTC | Whiteboard | impact=important,public=20161008,reported=20161008,source=researcher,cvss3=7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=important,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-12 09:51:44 UTC | Whiteboard | impact=important,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-12 09:51:53 UTC | Severity | high | medium |
| Cedric Buissart | 2016-10-12 09:52:01 UTC | Priority | high | medium |
| David Kaspar // Dee'Kej | 2016-10-12 12:09:40 UTC | Status | NEW | ASSIGNED |
| Andrej Nemec | 2016-10-13 07:16:47 UTC | CC | anemec | |
| Whiteboard | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | ||
| Norman Sardella | 2016-10-13 12:47:37 UTC | CC | sardella | |
| Cedric Buissart | 2016-10-14 13:30:06 UTC | Doc Text | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. An attacker could send a maliciously crafted postscript file for processing and trigger a crash, or execute arbitrary code in the context of the ghostscript process. | |
| Cedric Buissart | 2016-10-25 08:32:14 UTC | Whiteboard | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=affected,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-26 15:55:19 UTC | Whiteboard | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=affected,fedora-all/ghostscript=affected | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-10-31 16:06:48 UTC | Depends On | 1390299 | |
| Cedric Buissart | 2016-10-31 16:06:54 UTC | Depends On | 1390300 | |
| Cedric Buissart | 2016-10-31 16:08:40 UTC | Depends On | 1390301 | |
| Cedric Buissart | 2016-10-31 16:08:47 UTC | Depends On | 1390302 | |
| David Kaspar // Dee'Kej | 2016-11-22 11:21:48 UTC | Status | ASSIGNED | NEW |
| Cedric Buissart | 2016-11-24 14:24:46 UTC | Whiteboard | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected |
| Cedric Buissart | 2016-11-28 16:41:25 UTC | Doc Text | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. An attacker could send a maliciously crafted postscript file for processing and trigger a crash, or execute arbitrary code in the context of the ghostscript process. | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. An attacker could send a maliciously crafted postscript file for processing and trigger a crash, or execute arbitrary code in the context of the gs process. |
| Cedric Buissart | 2016-11-28 16:52:04 UTC | Doc Text | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. An attacker could send a maliciously crafted postscript file for processing and trigger a crash, or execute arbitrary code in the context of the gs process. | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted ghoscript document could cause a crash, or execute arbitrary code in the context of the gs process. |
| Cedric Buissart | 2016-11-28 16:58:33 UTC | Doc Text | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted ghoscript document could cause a crash, or execute arbitrary code in the context of the gs process. | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postcript document could cause a crash, or execute arbitrary code in the context of the gs process. |
| Eric Christensen | 2016-11-29 14:41:18 UTC | Doc Text | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postcript document could cause a crash, or execute arbitrary code in the context of the gs process. | It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. |
| Cedric Buissart | 2017-01-04 11:11:17 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-04 06:11:17 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=moderate,public=20161008,reported=20161008,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-20,rhel-5/ghostscript=wontfix,rhel-6/ghostscript=affected,rhel-7/ghostscript=affected,openshift-enterprise-2/ghostscript=wontfix,fedora-all/ghostscript=affected |
Back to bug 1383940