Merge ~sayun/ubuntu-cve-tracker/+git/UCT:master into ubuntu-cve-tracker:master

Proposed by Chris Kim
Status: Merged
Merged at revision: ba6a1cdeb31966ca3f04cf960c641565303bdebe
Proposed branch: ~sayun/ubuntu-cve-tracker/+git/UCT:master
Merge into: ubuntu-cve-tracker:master
Diff against target: 271 lines (+29/-19)
5 files modified
active/CVE-2023-52722 (+5/-3)
active/CVE-2024-29510 (+6/-4)
active/CVE-2024-33869 (+6/-4)
active/CVE-2024-33870 (+6/-4)
active/CVE-2024-33871 (+6/-4)
Reviewer: Alex Murray (Approve)
Review via email: mp+467643@code.launchpad.net

Commit message

CVEs for ghostscript:

CVE-2023-52722
CVE-2024-29510
CVE-2024-33869
CVE-2024-33870
CVE-2024-33871

+ other retired CVEs.

Alex Murray (alexmurray) wrote :

LGTM - in general it would be better to separate out the retirement of unrelated CVEs from this MR as ideally we would have each logical change separate - i.e. this would just update the status of the ghostscript CVEs and retire any of these CVEs that can now be retired, and a separate MR would exist to retire the historical ones.

review: Approve
Chris Kim (sayun) wrote :

@Alex Makes sense, I will make a note to do that next time. Thank you!

Preview Diff

1diff --git a/active/CVE-2023-52722 b/active/CVE-2023-52722
2index 5d44968..64a3ec9 100644
3--- a/active/CVE-2023-52722
4+++ b/active/CVE-2023-52722
5@@ -1,7 +1,9 @@
6+PublicDateAtUSN: 2024-04-28 00:15:00 UTC
7 Candidate: CVE-2023-52722
8 PublicDate: 2024-04-28 00:15:00 UTC
9 References:
10 https://www.cve.org/CVERecord?id=CVE-2023-52722
11+ https://ubuntu.com/security/notices/USN-6835-1
12 Description:
13 An issue was discovered in Artifex Ghostscript through 10.01.0.
14 psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the
15@@ -21,8 +23,8 @@ Patches_ghostscript:
16 upstream_ghostscript: released (10.02.0~dfsg-1)
17 esm-infra/xenial_ghostscript: needed
18 esm-infra/bionic_ghostscript: needed
19-focal_ghostscript: needed
20-jammy_ghostscript: needed
21-mantic_ghostscript: needed
22+focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
23+jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
24+mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
25 noble_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)
26 devel_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)
27diff --git a/active/CVE-2024-29510 b/active/CVE-2024-29510
28index cdd53c3..edbc7de 100644
29--- a/active/CVE-2024-29510
30+++ b/active/CVE-2024-29510
31@@ -1,9 +1,11 @@
32+PublicDateAtUSN: 2024-05-09
33 Candidate: CVE-2024-29510
34 PublicDate: 2024-05-09
35 References:
36 https://www.cve.org/CVERecord?id=CVE-2024-29510
37 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
38 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1)
39+ https://ubuntu.com/security/notices/USN-6835-1
40 Description:
41 Format string injection leads to shell command execution (SAFER bypass)
42 Ubuntu-Description:
43@@ -20,8 +22,8 @@ Patches_ghostscript:
44 upstream_ghostscript: needs-triage
45 esm-infra/xenial_ghostscript: needs-triage
46 esm-infra/bionic_ghostscript: needs-triage
47-focal_ghostscript: needs-triage
48-jammy_ghostscript: needs-triage
49-mantic_ghostscript: needs-triage
50-noble_ghostscript: needs-triage
51+focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
52+jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
53+mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
54+noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
55 devel_ghostscript: needs-triage
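Review bot: upstream_ghostscript is left at needs-triage in this hunk even though the References block of the same file already cites the upstream fix commit tagged ghostpdl-10.03.1. Since the Ubuntu releases are now marked released against that fix, set the upstream row to released with the first fixed version, in the same form CVE-2023-52722 uses for its upstream row, so the entry no longer reads as untriaged upstream.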
56diff --git a/active/CVE-2024-33869 b/active/CVE-2024-33869
57index 98daa35..97ad1bc 100644
58--- a/active/CVE-2024-33869
59+++ b/active/CVE-2024-33869
60@@ -1,3 +1,4 @@
61+PublicDateAtUSN: 2024-05-09
62 Candidate: CVE-2024-33869
63 PublicDate: 2024-05-09
64 References:
65@@ -5,6 +6,7 @@ References:
66 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
67 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)
68 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1)
69+ https://ubuntu.com/security/notices/USN-6835-1
70 Description:
71 Path traversal and command execution due to path reduction
72 Ubuntu-Description:
73@@ -21,8 +23,8 @@ Patches_ghostscript:
74 upstream_ghostscript: needs-triage
75 esm-infra/xenial_ghostscript: needs-triage
76 esm-infra/bionic_ghostscript: needs-triage
77-focal_ghostscript: needs-triage
78-jammy_ghostscript: needs-triage
79-mantic_ghostscript: needs-triage
80-noble_ghostscript: needs-triage
81+focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
82+jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
83+mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
84+noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
85 devel_ghostscript: needs-triage
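Review bot: devel_ghostscript stays at needs-triage on the last line of this hunk while noble_ghostscript moves to released (10.02.1~dfsg1-0ubuntu7.1). The development release should get an explicit status in the same change, either needed or released with the version that carries the fix, otherwise the tracker shows the newest series as unassessed for a CVE that has already shipped a fix in every supported release listed here.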
86diff --git a/active/CVE-2024-33870 b/active/CVE-2024-33870
87index dc03002..686015f 100644
88--- a/active/CVE-2024-33870
89+++ b/active/CVE-2024-33870
90@@ -1,9 +1,11 @@
91+PublicDateAtUSN: 2024-05-09
92 Candidate: CVE-2024-33870
93 PublicDate: 2024-05-09
94 References:
95 https://www.cve.org/CVERecord?id=CVE-2024-33870
96 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
97 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
98+ https://ubuntu.com/security/notices/USN-6835-1
99 Description:
100 Path traversal to arbitrary files if the current directory is in the permitted paths.
101 Ubuntu-Description:
102@@ -21,8 +23,8 @@ Patches_ghostscript:
103 upstream_ghostscript: needs-triage
104 esm-infra/xenial_ghostscript: needs-triage
105 esm-infra/bionic_ghostscript: needs-triage
106-focal_ghostscript: needs-triage
107-jammy_ghostscript: needs-triage
108-mantic_ghostscript: needs-triage
109-noble_ghostscript: needs-triage
110+focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
111+jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
112+mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
113+noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
114 devel_ghostscript: needs-triage
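Review bot: the esm-infra/xenial_ghostscript and esm-infra/bionic_ghostscript rows at the top of this hunk remain needs-triage after the change. With the fix identified and backported down to focal's 9.50~dfsg-5ubuntu4.12, these two rows should be assessed and set to needed or not-affected, as CVE-2023-52722 does with its ESM rows, so that ESM users can tell whether the path traversal applies to them.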
115diff --git a/active/CVE-2024-33871 b/active/CVE-2024-33871
116index 598a76d..920a30f 100644
117--- a/active/CVE-2024-33871
118+++ b/active/CVE-2024-33871
119@@ -1,9 +1,11 @@
120+PublicDateAtUSN: 2024-05-09
121 Candidate: CVE-2024-33871
122 PublicDate: 2024-05-09
123 References:
124 https://www.cve.org/CVERecord?id=CVE-2024-33871
125 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
126 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)
127+ https://ubuntu.com/security/notices/USN-6835-1
128 Description:
129 OPVP device - Arbitrary code execution via custom Driver library
130 Ubuntu-Description:
131@@ -20,8 +22,8 @@ Patches_ghostscript:
132 upstream_ghostscript: needs-triage
133 esm-infra/xenial_ghostscript: needs-triage
134 esm-infra/bionic_ghostscript: needs-triage
135-focal_ghostscript: needs-triage
136-jammy_ghostscript: needs-triage
137-mantic_ghostscript: needs-triage
138-noble_ghostscript: needs-triage
139+focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
140+jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
141+mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
142+noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
143 devel_ghostscript: needs-triage
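Review bot: four of the rows visible in this hunk (upstream, esm-infra/xenial, esm-infra/bionic, devel) are still needs-triage once focal through noble are marked released. Triage them in this change or note in the commit message that they are deliberately deferred, since the hunk otherwise gives no sign of whether they were looked at.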
144diff --git a/active/CVE-2018-25032 b/retired/CVE-2018-25032
145similarity index 100%
146rename from active/CVE-2018-25032
147rename to retired/CVE-2018-25032
148diff --git a/active/CVE-2022-36648 b/retired/CVE-2022-36648
149similarity index 100%
150rename from active/CVE-2022-36648
151rename to retired/CVE-2022-36648
152diff --git a/active/CVE-2022-37434 b/retired/CVE-2022-37434
153similarity index 100%
154rename from active/CVE-2022-37434
155rename to retired/CVE-2022-37434
156diff --git a/active/CVE-2022-48622 b/retired/CVE-2022-48622
157similarity index 100%
158rename from active/CVE-2022-48622
159rename to retired/CVE-2022-48622
160diff --git a/active/CVE-2023-22745 b/retired/CVE-2023-22745
161similarity index 100%
162rename from active/CVE-2023-22745
163rename to retired/CVE-2023-22745
164diff --git a/active/CVE-2024-21626 b/retired/CVE-2024-21626
165similarity index 100%
166rename from active/CVE-2024-21626
167rename to retired/CVE-2024-21626
168diff --git a/active/CVE-2024-2410 b/retired/CVE-2024-2410
169similarity index 100%
170rename from active/CVE-2024-2410
171rename to retired/CVE-2024-2410
172diff --git a/active/CVE-2024-29040 b/retired/CVE-2024-29040
173similarity index 100%
174rename from active/CVE-2024-29040
175rename to retired/CVE-2024-29040
176diff --git a/active/CVE-2024-2961 b/retired/CVE-2024-2961
177similarity index 100%
178rename from active/CVE-2024-2961
179rename to retired/CVE-2024-2961
180diff --git a/active/CVE-2024-31585 b/retired/CVE-2024-31585
181similarity index 100%
182rename from active/CVE-2024-31585
183rename to retired/CVE-2024-31585
184diff --git a/active/CVE-2024-32752 b/retired/CVE-2024-32752
185similarity index 100%
186rename from active/CVE-2024-32752
187rename to retired/CVE-2024-32752
188diff --git a/active/CVE-2024-34064 b/retired/CVE-2024-34064
189similarity index 100%
190rename from active/CVE-2024-34064
191rename to retired/CVE-2024-34064
192diff --git a/active/CVE-2024-37885 b/retired/CVE-2024-37885
193similarity index 100%
194rename from active/CVE-2024-37885
195rename to retired/CVE-2024-37885
196diff --git a/active/CVE-2024-4418 b/retired/CVE-2024-4418
197similarity index 100%
198rename from active/CVE-2024-4418
199rename to retired/CVE-2024-4418
200diff --git a/active/CVE-2024-5830 b/retired/CVE-2024-5830
201similarity index 100%
202rename from active/CVE-2024-5830
203rename to retired/CVE-2024-5830
204diff --git a/active/CVE-2024-5831 b/retired/CVE-2024-5831
205similarity index 100%
206rename from active/CVE-2024-5831
207rename to retired/CVE-2024-5831
208diff --git a/active/CVE-2024-5832 b/retired/CVE-2024-5832
209similarity index 100%
210rename from active/CVE-2024-5832
211rename to retired/CVE-2024-5832
212diff --git a/active/CVE-2024-5833 b/retired/CVE-2024-5833
213similarity index 100%
214rename from active/CVE-2024-5833
215rename to retired/CVE-2024-5833
216diff --git a/active/CVE-2024-5834 b/retired/CVE-2024-5834
217similarity index 100%
218rename from active/CVE-2024-5834
219rename to retired/CVE-2024-5834
220diff --git a/active/CVE-2024-5835 b/retired/CVE-2024-5835
221similarity index 100%
222rename from active/CVE-2024-5835
223rename to retired/CVE-2024-5835
224diff --git a/active/CVE-2024-5836 b/retired/CVE-2024-5836
225similarity index 100%
226rename from active/CVE-2024-5836
227rename to retired/CVE-2024-5836
228diff --git a/active/CVE-2024-5837 b/retired/CVE-2024-5837
229similarity index 100%
230rename from active/CVE-2024-5837
231rename to retired/CVE-2024-5837
232diff --git a/active/CVE-2024-5838 b/retired/CVE-2024-5838
233similarity index 100%
234rename from active/CVE-2024-5838
235rename to retired/CVE-2024-5838
236diff --git a/active/CVE-2024-5839 b/retired/CVE-2024-5839
237similarity index 100%
238rename from active/CVE-2024-5839
239rename to retired/CVE-2024-5839
240diff --git a/active/CVE-2024-5840 b/retired/CVE-2024-5840
241similarity index 100%
242rename from active/CVE-2024-5840
243rename to retired/CVE-2024-5840
244diff --git a/active/CVE-2024-5841 b/retired/CVE-2024-5841
245similarity index 100%
246rename from active/CVE-2024-5841
247rename to retired/CVE-2024-5841
248diff --git a/active/CVE-2024-5842 b/retired/CVE-2024-5842
249similarity index 100%
250rename from active/CVE-2024-5842
251rename to retired/CVE-2024-5842
252diff --git a/active/CVE-2024-5843 b/retired/CVE-2024-5843
253similarity index 100%
254rename from active/CVE-2024-5843
255rename to retired/CVE-2024-5843
256diff --git a/active/CVE-2024-5844 b/retired/CVE-2024-5844
257similarity index 100%
258rename from active/CVE-2024-5844
259rename to retired/CVE-2024-5844
260diff --git a/active/CVE-2024-5845 b/retired/CVE-2024-5845
261similarity index 100%
262rename from active/CVE-2024-5845
263rename to retired/CVE-2024-5845
264diff --git a/active/CVE-2024-5846 b/retired/CVE-2024-5846
265similarity index 100%
266rename from active/CVE-2024-5846
267rename to retired/CVE-2024-5846
268diff --git a/active/CVE-2024-5847 b/retired/CVE-2024-5847
269similarity index 100%
270rename from active/CVE-2024-5847
271rename to retired/CVE-2024-5847
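Review bot: the active/ to retired/ renames from CVE-2018-25032 through CVE-2024-5847 are unrelated to the ghostscript update and none of the five ghostscript files is among them. Because every rename is similarity index 100%, the diff shows no status lines, so nothing here lets a reviewer confirm that each file has no open rows left before retirement. Move the retirements to their own merge proposal and list in its description how the retired set was selected.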