git: e73586a6d60a - main - security/vuxml: fix up ghostscript version range of CVE-2023-28879

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Sun, 23 Apr 2023 09:36:56 UTC
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e73586a6d60ae9695b97962977807af6889b1525

commit e73586a6d60ae9695b97962977807af6889b1525
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2023-04-21 18:09:19 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2023-04-21 18:09:19 +0000

    security/vuxml: fix up ghostscript version range of CVE-2023-28879
    
    Pointy hat to:  mandree@ for misreading the quoted Artifex page
    Reported by:    Nicholas Taylor <nicholas.e.taylor@gmail.com>
    PR:             270823 (comment #3)
    Security:       CVE-2023-28879
    Security:       25872b25-da2d-11ed-b715-a1e76793953b
---
 security/vuxml/vuln/2023.xml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 7c346be72fac..6b5ae5611120 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -210,16 +210,16 @@
   <vuln vid="25872b25-da2d-11ed-b715-a1e76793953b">
     <topic>ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter</topic>
     <affects>
-      <package><name>ghostscript</name> <range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-commfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-korfont</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript7-x11</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript8-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript8-x11</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript9-agpl-base</name><range><lt>10.01.0</lt></range></package>
-      <package><name>ghostscript9-agpl-x11</name><range><lt>10.01.0</lt></range></package>
+      <package><name>ghostscript</name> <range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-commfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-jpnfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-korfont</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript7-x11</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript8-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript8-x11</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript9-agpl-base</name><range><lt>10.01.1</lt></range></package>
+      <package><name>ghostscript9-agpl-x11</name><range><lt>10.01.1</lt></range></package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
@@ -242,6 +242,7 @@
     <dates>
       <discovery>2023-03-23</discovery>
       <entry>2023-04-13</entry>
+      <updated>2023-04-23</updated>
     </dates>
   </vuln>