Merge ~sayun/ubuntu-cve-tracker/+git/UCT:master into ubuntu-cve-tracker:master

Proposed by Chris Kim
Status: Merged
Merged at revision: ba6a1cdeb31966ca3f04cf960c641565303bdebe
Proposed branch: ~sayun/ubuntu-cve-tracker/+git/UCT:master
Merge into: ubuntu-cve-tracker:master
Diff against target: 271 lines (+29/-19)
5 files modified
active/CVE-2023-52722 (+5/-3)
active/CVE-2024-29510 (+6/-4)
active/CVE-2024-33869 (+6/-4)
active/CVE-2024-33870 (+6/-4)
active/CVE-2024-33871 (+6/-4)
Reviewer: Alex Murray
Review status: Approve
Review via email: mp+467643@code.launchpad.net

Commit message

CVEs for ghostscript:

CVE-2023-52722
CVE-2024-29510
CVE-2024-33869
CVE-2024-33870
CVE-2024-33871

+ other retired CVEs.

Alex Murray (alexmurray) wrote :

LGTM - in general it would be better to separate out the retirement of unrelated CVEs from this MR as ideally we would have each logical change separate - i.e. this would just update the status of the ghostscript CVEs and retire any of these CVEs that can now be retired, and a separate MR would exist to retire the historical ones.

review: Approve
Chris Kim (sayun) wrote :

@Alex Makes sense, I will make a note to do that next time. Thank you!

Preview Diff

diff --git a/active/CVE-2023-52722 b/active/CVE-2023-52722
index 5d44968..64a3ec9 100644
--- a/active/CVE-2023-52722
+++ b/active/CVE-2023-52722
@@ -1,7 +1,9 @@
1PublicDateAtUSN: 2024-04-28 00:15:00 UTC
1Candidate: CVE-2023-527222Candidate: CVE-2023-52722
2PublicDate: 2024-04-28 00:15:00 UTC3PublicDate: 2024-04-28 00:15:00 UTC
3References:4References:
4 https://www.cve.org/CVERecord?id=CVE-2023-527225 https://www.cve.org/CVERecord?id=CVE-2023-52722
6 https://ubuntu.com/security/notices/USN-6835-1
5Description:7Description:
6 An issue was discovered in Artifex Ghostscript through 10.01.0.8 An issue was discovered in Artifex Ghostscript through 10.01.0.
7 psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the9 psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the
@@ -21,8 +23,8 @@ Patches_ghostscript:
21upstream_ghostscript: released (10.02.0~dfsg-1)23upstream_ghostscript: released (10.02.0~dfsg-1)
22esm-infra/xenial_ghostscript: needed24esm-infra/xenial_ghostscript: needed
23esm-infra/bionic_ghostscript: needed25esm-infra/bionic_ghostscript: needed
24focal_ghostscript: needed26focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
25jammy_ghostscript: needed27jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
26mantic_ghostscript: needed28mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
27noble_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)29noble_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)
28devel_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)30devel_ghostscript: not-affected (10.02.1~dfsg1-0ubuntu7)
diff --git a/active/CVE-2024-29510 b/active/CVE-2024-29510
index cdd53c3..edbc7de 100644
--- a/active/CVE-2024-29510
+++ b/active/CVE-2024-29510
@@ -1,9 +1,11 @@
1PublicDateAtUSN: 2024-05-09
1Candidate: CVE-2024-295102Candidate: CVE-2024-29510
2PublicDate: 2024-05-093PublicDate: 2024-05-09
3References:4References:
4 https://www.cve.org/CVERecord?id=CVE-2024-295105 https://www.cve.org/CVERecord?id=CVE-2024-29510
5 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html6 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
6 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1)7 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f (ghostpdl-10.03.1)
8 https://ubuntu.com/security/notices/USN-6835-1
7Description:9Description:
8 Format string injection leads to shell command execution (SAFER bypass)10 Format string injection leads to shell command execution (SAFER bypass)
9Ubuntu-Description:11Ubuntu-Description:
@@ -20,8 +22,8 @@ Patches_ghostscript:
20upstream_ghostscript: needs-triage22upstream_ghostscript: needs-triage
21esm-infra/xenial_ghostscript: needs-triage23esm-infra/xenial_ghostscript: needs-triage
22esm-infra/bionic_ghostscript: needs-triage24esm-infra/bionic_ghostscript: needs-triage
23focal_ghostscript: needs-triage25focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
24jammy_ghostscript: needs-triage26jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
25mantic_ghostscript: needs-triage27mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
26noble_ghostscript: needs-triage28noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
27devel_ghostscript: needs-triage29devel_ghostscript: needs-triage
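Review bot: upstream_ghostscript and devel_ghostscript are left at needs-triage at the top and bottom of this hunk, although the References block of the same file already cites the upstream fix commit tagged ghostpdl-10.03.1 and noble is moved to released (10.02.1~dfsg1-0ubuntu7.1). Record the upstream fixed version from that reference and give devel a triaged status, so the development release does not read as unassessed while every supported release below it is fixed. esm-infra/xenial and esm-infra/bionic also still carry needs-triage and need an affected/not-affected decision before this entry is complete.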
diff --git a/active/CVE-2024-33869 b/active/CVE-2024-33869
index 98daa35..97ad1bc 100644
--- a/active/CVE-2024-33869
+++ b/active/CVE-2024-33869
@@ -1,3 +1,4 @@
1PublicDateAtUSN: 2024-05-09
1Candidate: CVE-2024-338692Candidate: CVE-2024-33869
2PublicDate: 2024-05-093PublicDate: 2024-05-09
3References:4References:
@@ -5,6 +6,7 @@ References:
5 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html6 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
6 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)7 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=5ae2e320d69a7d0973011796bd388cd5befa1a43 (ghostpdl-10.03.1)
7 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1)8 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f5336e5b4154f515ac83bc5b9eba94302e6618d4 (ghostpdl-10.03.1)
9 https://ubuntu.com/security/notices/USN-6835-1
8Description:10Description:
9 Path traversal and command execution due to path reduction11 Path traversal and command execution due to path reduction
10Ubuntu-Description:12Ubuntu-Description:
@@ -21,8 +23,8 @@ Patches_ghostscript:
21upstream_ghostscript: needs-triage23upstream_ghostscript: needs-triage
22esm-infra/xenial_ghostscript: needs-triage24esm-infra/xenial_ghostscript: needs-triage
23esm-infra/bionic_ghostscript: needs-triage25esm-infra/bionic_ghostscript: needs-triage
24focal_ghostscript: needs-triage26focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
25jammy_ghostscript: needs-triage27jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
26mantic_ghostscript: needs-triage28mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
27noble_ghostscript: needs-triage29noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
28devel_ghostscript: needs-triage30devel_ghostscript: needs-triage
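Review bot: the upstream_ghostscript line in this hunk stays at needs-triage even though this file's References list two upstream commits, both tagged ghostpdl-10.03.1, so the fixed upstream version is already known and should be recorded here. The devel_ghostscript line is likewise untouched while noble becomes released (10.02.1~dfsg1-0ubuntu7.1); set it to a triaged state, and decide esm-infra/xenial and esm-infra/bionic rather than leaving them at needs-triage.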
diff --git a/active/CVE-2024-33870 b/active/CVE-2024-33870
index dc03002..686015f 100644
--- a/active/CVE-2024-33870
+++ b/active/CVE-2024-33870
@@ -1,9 +1,11 @@
1PublicDateAtUSN: 2024-05-09
1Candidate: CVE-2024-338702Candidate: CVE-2024-33870
2PublicDate: 2024-05-093PublicDate: 2024-05-09
3References:4References:
4 https://www.cve.org/CVERecord?id=CVE-2024-338705 https://www.cve.org/CVERecord?id=CVE-2024-33870
5 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html6 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
6 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)7 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=79aef19c685984dc3da2dc090450407d9fbcff80 (ghostpdl-10.03.1)
8 https://ubuntu.com/security/notices/USN-6835-1
7Description:9Description:
8 Path traversal to arbitrary files if the current directory is in the permitted paths.10 Path traversal to arbitrary files if the current directory is in the permitted paths.
9Ubuntu-Description:11Ubuntu-Description:
@@ -21,8 +23,8 @@ Patches_ghostscript:
21upstream_ghostscript: needs-triage23upstream_ghostscript: needs-triage
22esm-infra/xenial_ghostscript: needs-triage24esm-infra/xenial_ghostscript: needs-triage
23esm-infra/bionic_ghostscript: needs-triage25esm-infra/bionic_ghostscript: needs-triage
24focal_ghostscript: needs-triage26focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
25jammy_ghostscript: needs-triage27jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
26mantic_ghostscript: needs-triage28mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
27noble_ghostscript: needs-triage29noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
28devel_ghostscript: needs-triage30devel_ghostscript: needs-triage
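Review bot: four of the eight status lines in this hunk remain needs-triage (upstream, esm-infra/xenial, esm-infra/bionic, devel) after the USN-6835-1 update. The upstream fix is identified in this file's References as a commit tagged ghostpdl-10.03.1, so upstream_ghostscript can be resolved from information already in the entry, and devel_ghostscript should not trail noble, which is now released (10.02.1~dfsg1-0ubuntu7.1). If the ESM releases are deliberately deferred, a short note in the entry saying so would keep the remaining needs-triage lines from looking like an oversight.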
diff --git a/active/CVE-2024-33871 b/active/CVE-2024-33871
index 598a76d..920a30f 100644
--- a/active/CVE-2024-33871
+++ b/active/CVE-2024-33871
@@ -1,9 +1,11 @@
1PublicDateAtUSN: 2024-05-09
1Candidate: CVE-2024-338712Candidate: CVE-2024-33871
2PublicDate: 2024-05-093PublicDate: 2024-05-09
3References:4References:
4 https://www.cve.org/CVERecord?id=CVE-2024-338715 https://www.cve.org/CVERecord?id=CVE-2024-33871
5 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html6 https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
6 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)7 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 (ghostpdl-10.03.1)
8 https://ubuntu.com/security/notices/USN-6835-1
7Description:9Description:
8 OPVP device - Arbitrary code execution via custom Driver library10 OPVP device - Arbitrary code execution via custom Driver library
9Ubuntu-Description:11Ubuntu-Description:
@@ -20,8 +22,8 @@ Patches_ghostscript:
20upstream_ghostscript: needs-triage22upstream_ghostscript: needs-triage
21esm-infra/xenial_ghostscript: needs-triage23esm-infra/xenial_ghostscript: needs-triage
22esm-infra/bionic_ghostscript: needs-triage24esm-infra/bionic_ghostscript: needs-triage
23focal_ghostscript: needs-triage25focal_ghostscript: released (9.50~dfsg-5ubuntu4.12)
24jammy_ghostscript: needs-triage26jammy_ghostscript: released (9.55.0~dfsg1-0ubuntu5.7)
25mantic_ghostscript: needs-triage27mantic_ghostscript: released (10.01.2~dfsg1-0ubuntu2.3)
26noble_ghostscript: needs-triage28noble_ghostscript: released (10.02.1~dfsg1-0ubuntu7.1)
27devel_ghostscript: needs-triage29devel_ghostscript: needs-triage
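Review bot: devel_ghostscript and upstream_ghostscript are unchanged at needs-triage in this hunk while focal, jammy, mantic and noble all move to released. The References in this file give the upstream commit with the tag ghostpdl-10.03.1, which is enough to fill in the upstream line, and devel needs an explicit status so anyone reading the entry can tell whether the development release carries the fix. The two esm-infra lines are also still needs-triage and should be assessed for the affected OPVP device code.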
diff --git a/active/CVE-2018-25032 b/retired/CVE-2018-25032
28similarity index 100%30similarity index 100%
29rename from active/CVE-2018-2503231rename from active/CVE-2018-25032
30rename to retired/CVE-2018-2503232rename to retired/CVE-2018-25032
diff --git a/active/CVE-2022-36648 b/retired/CVE-2022-36648
31similarity index 100%33similarity index 100%
32rename from active/CVE-2022-3664834rename from active/CVE-2022-36648
33rename to retired/CVE-2022-3664835rename to retired/CVE-2022-36648
diff --git a/active/CVE-2022-37434 b/retired/CVE-2022-37434
34similarity index 100%36similarity index 100%
35rename from active/CVE-2022-3743437rename from active/CVE-2022-37434
36rename to retired/CVE-2022-3743438rename to retired/CVE-2022-37434
diff --git a/active/CVE-2022-48622 b/retired/CVE-2022-48622
37similarity index 100%39similarity index 100%
38rename from active/CVE-2022-4862240rename from active/CVE-2022-48622
39rename to retired/CVE-2022-4862241rename to retired/CVE-2022-48622
diff --git a/active/CVE-2023-22745 b/retired/CVE-2023-22745
40similarity index 100%42similarity index 100%
41rename from active/CVE-2023-2274543rename from active/CVE-2023-22745
42rename to retired/CVE-2023-2274544rename to retired/CVE-2023-22745
diff --git a/active/CVE-2024-21626 b/retired/CVE-2024-21626
43similarity index 100%45similarity index 100%
44rename from active/CVE-2024-2162646rename from active/CVE-2024-21626
45rename to retired/CVE-2024-2162647rename to retired/CVE-2024-21626
diff --git a/active/CVE-2024-2410 b/retired/CVE-2024-2410
46similarity index 100%48similarity index 100%
47rename from active/CVE-2024-241049rename from active/CVE-2024-2410
48rename to retired/CVE-2024-241050rename to retired/CVE-2024-2410
diff --git a/active/CVE-2024-29040 b/retired/CVE-2024-29040
49similarity index 100%51similarity index 100%
50rename from active/CVE-2024-2904052rename from active/CVE-2024-29040
51rename to retired/CVE-2024-2904053rename to retired/CVE-2024-29040
diff --git a/active/CVE-2024-2961 b/retired/CVE-2024-2961
52similarity index 100%54similarity index 100%
53rename from active/CVE-2024-296155rename from active/CVE-2024-2961
54rename to retired/CVE-2024-296156rename to retired/CVE-2024-2961
diff --git a/active/CVE-2024-31585 b/retired/CVE-2024-31585
55similarity index 100%57similarity index 100%
56rename from active/CVE-2024-3158558rename from active/CVE-2024-31585
57rename to retired/CVE-2024-3158559rename to retired/CVE-2024-31585
diff --git a/active/CVE-2024-32752 b/retired/CVE-2024-32752
58similarity index 100%60similarity index 100%
59rename from active/CVE-2024-3275261rename from active/CVE-2024-32752
60rename to retired/CVE-2024-3275262rename to retired/CVE-2024-32752
diff --git a/active/CVE-2024-34064 b/retired/CVE-2024-34064
61similarity index 100%63similarity index 100%
62rename from active/CVE-2024-3406464rename from active/CVE-2024-34064
63rename to retired/CVE-2024-3406465rename to retired/CVE-2024-34064
diff --git a/active/CVE-2024-37885 b/retired/CVE-2024-37885
64similarity index 100%66similarity index 100%
65rename from active/CVE-2024-3788567rename from active/CVE-2024-37885
66rename to retired/CVE-2024-3788568rename to retired/CVE-2024-37885
diff --git a/active/CVE-2024-4418 b/retired/CVE-2024-4418
67similarity index 100%69similarity index 100%
68rename from active/CVE-2024-441870rename from active/CVE-2024-4418
69rename to retired/CVE-2024-441871rename to retired/CVE-2024-4418
diff --git a/active/CVE-2024-5830 b/retired/CVE-2024-5830
70similarity index 100%72similarity index 100%
71rename from active/CVE-2024-583073rename from active/CVE-2024-5830
72rename to retired/CVE-2024-583074rename to retired/CVE-2024-5830
diff --git a/active/CVE-2024-5831 b/retired/CVE-2024-5831
73similarity index 100%75similarity index 100%
74rename from active/CVE-2024-583176rename from active/CVE-2024-5831
75rename to retired/CVE-2024-583177rename to retired/CVE-2024-5831
diff --git a/active/CVE-2024-5832 b/retired/CVE-2024-5832
76similarity index 100%78similarity index 100%
77rename from active/CVE-2024-583279rename from active/CVE-2024-5832
78rename to retired/CVE-2024-583280rename to retired/CVE-2024-5832
diff --git a/active/CVE-2024-5833 b/retired/CVE-2024-5833
79similarity index 100%81similarity index 100%
80rename from active/CVE-2024-583382rename from active/CVE-2024-5833
81rename to retired/CVE-2024-583383rename to retired/CVE-2024-5833
diff --git a/active/CVE-2024-5834 b/retired/CVE-2024-5834
82similarity index 100%84similarity index 100%
83rename from active/CVE-2024-583485rename from active/CVE-2024-5834
84rename to retired/CVE-2024-583486rename to retired/CVE-2024-5834
diff --git a/active/CVE-2024-5835 b/retired/CVE-2024-5835
85similarity index 100%87similarity index 100%
86rename from active/CVE-2024-583588rename from active/CVE-2024-5835
87rename to retired/CVE-2024-583589rename to retired/CVE-2024-5835
diff --git a/active/CVE-2024-5836 b/retired/CVE-2024-5836
88similarity index 100%90similarity index 100%
89rename from active/CVE-2024-583691rename from active/CVE-2024-5836
90rename to retired/CVE-2024-583692rename to retired/CVE-2024-5836
diff --git a/active/CVE-2024-5837 b/retired/CVE-2024-5837
91similarity index 100%93similarity index 100%
92rename from active/CVE-2024-583794rename from active/CVE-2024-5837
93rename to retired/CVE-2024-583795rename to retired/CVE-2024-5837
diff --git a/active/CVE-2024-5838 b/retired/CVE-2024-5838
94similarity index 100%96similarity index 100%
95rename from active/CVE-2024-583897rename from active/CVE-2024-5838
96rename to retired/CVE-2024-583898rename to retired/CVE-2024-5838
diff --git a/active/CVE-2024-5839 b/retired/CVE-2024-5839
97similarity index 100%99similarity index 100%
98rename from active/CVE-2024-5839100rename from active/CVE-2024-5839
99rename to retired/CVE-2024-5839101rename to retired/CVE-2024-5839
diff --git a/active/CVE-2024-5840 b/retired/CVE-2024-5840
100similarity index 100%102similarity index 100%
101rename from active/CVE-2024-5840103rename from active/CVE-2024-5840
102rename to retired/CVE-2024-5840104rename to retired/CVE-2024-5840
diff --git a/active/CVE-2024-5841 b/retired/CVE-2024-5841
103similarity index 100%105similarity index 100%
104rename from active/CVE-2024-5841106rename from active/CVE-2024-5841
105rename to retired/CVE-2024-5841107rename to retired/CVE-2024-5841
diff --git a/active/CVE-2024-5842 b/retired/CVE-2024-5842
106similarity index 100%108similarity index 100%
107rename from active/CVE-2024-5842109rename from active/CVE-2024-5842
108rename to retired/CVE-2024-5842110rename to retired/CVE-2024-5842
diff --git a/active/CVE-2024-5843 b/retired/CVE-2024-5843
109similarity index 100%111similarity index 100%
110rename from active/CVE-2024-5843112rename from active/CVE-2024-5843
111rename to retired/CVE-2024-5843113rename to retired/CVE-2024-5843
diff --git a/active/CVE-2024-5844 b/retired/CVE-2024-5844
112similarity index 100%114similarity index 100%
113rename from active/CVE-2024-5844115rename from active/CVE-2024-5844
114rename to retired/CVE-2024-5844116rename to retired/CVE-2024-5844
diff --git a/active/CVE-2024-5845 b/retired/CVE-2024-5845
115similarity index 100%117similarity index 100%
116rename from active/CVE-2024-5845118rename from active/CVE-2024-5845
117rename to retired/CVE-2024-5845119rename to retired/CVE-2024-5845
diff --git a/active/CVE-2024-5846 b/retired/CVE-2024-5846
118similarity index 100%120similarity index 100%
119rename from active/CVE-2024-5846121rename from active/CVE-2024-5846
120rename to retired/CVE-2024-5846122rename to retired/CVE-2024-5846
diff --git a/active/CVE-2024-5847 b/retired/CVE-2024-5847
121similarity index 100%123similarity index 100%
122rename from active/CVE-2024-5847124rename from active/CVE-2024-5847
123rename to retired/CVE-2024-5847125rename to retired/CVE-2024-5847
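Review bot: the active/ to retired/ renames from CVE-2018-25032 through CVE-2024-5847 are all at similarity index 100%, so none of their status lines appear in this diff and a reviewer cannot confirm from the MR that each file has reached a final state for every release. None of them is one of the five ghostscript CVEs named in the commit message, which describes them only as "other retired CVEs". Move these renames to their own MR and say in its description how each entry was confirmed ready for retirement, keeping this one to the ghostscript status updates.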
