Back to bug 2002271
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Cedric Buissart | 2021-09-08 11:46:13 UTC | CC | security-response-team | |
| Cedric Buissart | 2021-09-08 11:49:29 UTC | Summary | EMBARGOED ghoscript: sandbox escape in the file operation | EMBARGOED ghostcript: sandbox escape in the file operation |
| Cedric Buissart | 2021-09-08 14:21:20 UTC | Summary | EMBARGOED ghostcript: sandbox escape in the file operation | EMBARGOED ghostcript: sandbox escape in the 'file' operation |
| Cedric Buissart | 2021-09-08 14:23:01 UTC | Comment | 0 | updated |
| Cedric Buissart | 2021-09-08 14:23:21 UTC | Summary | EMBARGOED ghostcript: sandbox escape in the 'file' operation | EMBARGOED ghostcript: sandbox escape in the 'file' operator |
| Marian Rehak | 2021-09-09 10:43:38 UTC | Alias | CVE-2021-3781 | |
| Summary | EMBARGOED ghostcript: sandbox escape in the 'file' operator | EMBARGOED CVE-2021-3781 ghostcript: sandbox escape in the 'file' operator | ||
| Marian Rehak | 2021-09-09 10:44:28 UTC | Blocks | 2002605 | |
| Cedric Buissart | 2021-09-09 11:38:59 UTC | Blocks | 2002605 | 2002161 |
| Cedric Buissart | 2021-09-09 11:40:06 UTC | Depends On | 2002625 | |
| RaTasha Tillery-Smith | 2021-09-09 12:13:05 UTC | Doc Text | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostcript interpreter via the 'file' operator. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostcsript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |
| Cedric Buissart | 2021-09-10 09:26:25 UTC | Deadline | 2021-09-13 | 2021-09-10 |
| Cedric Buissart | 2021-09-10 10:56:32 UTC | Deadline | 2021-09-10 | |
| Summary | EMBARGOED CVE-2021-3781 ghostcript: sandbox escape in the 'file' operator | CVE-2021-3781 ghostcript: sandbox escape in the 'file' operator | ||
| CC | akhaitovich, mjg, mosvald, zdohnal | |||
| Group | qe_staff, security | |||
| Cedric Buissart | 2021-09-10 10:57:42 UTC | Depends On | 2003085 | |
| Cedric Buissart | 2021-09-10 11:49:53 UTC | Summary | CVE-2021-3781 ghostcript: sandbox escape in the 'file' operator | CVE-2021-3781 ghostcript: sandbox escape using '%pipe%' |
| Cedric Buissart | 2021-09-10 11:54:42 UTC | Comment | 0 | updated |
| Cedric Buissart | 2021-09-10 11:59:29 UTC | Comment | 0 | updated |
| Cedric Buissart | 2021-09-10 14:18:19 UTC | Doc Text | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostcript interpreter via the 'file' operator. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostcsript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter via the 'file' operator. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| Cedric Buissart | 2021-09-10 14:19:09 UTC | Doc Text | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter via the 'file' operator. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| Cedric Buissart | 2021-09-10 14:27:45 UTC | Summary | CVE-2021-3781 ghostcript: sandbox escape using '%pipe%' | CVE-2021-3781 ghostscript: sandbox escape using '%pipe%' |
| Cedric Buissart | 2021-09-10 14:28:34 UTC | Blocks | 2002801 | |
| CC | psampaio | |||
| Cedric Buissart | 2021-09-10 14:49:04 UTC | Doc Text | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute a command on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
| kyoneyama | 2021-09-13 00:22:33 UTC | CC | kyoneyam | |
| Yasuhiro Ozone | 2021-09-16 21:48:29 UTC | CC | yozone | |
| Cedric Buissart | 2021-09-21 09:28:34 UTC | Fixed In Version | ghostpdl 9.55.0 | |
| Cedric Buissart | 2021-09-21 09:35:46 UTC | Blocks | 2002801 | |
| Cedric Buissart | 2021-09-21 11:31:51 UTC | Comment | 0 | updated |
| Cedric Buissart | 2021-10-29 07:25:03 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2021-10-29 07:25:03 UTC | |||
| TEJ RATHI | 2022-02-28 13:12:20 UTC | Blocks | 2002605 |
Back to bug 2002271