[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From:       Jordan Glover <Golden_Miller83 () protonmail ! ch>
Date:       2018-10-18 13:25:29
Message-ID: SHcYHexZFIPEzxu783h1FvPmnsUAwkTcsBunOplth1OaHsV-kE1uNS6roHC9sojsMJxQE2yOQoj-BBCc2qWNdb09Yrb-rwTVu1nAJgT7ZO0= () protonmail ! ch
[Download RAW message or body]

[Attachment #2 (text/plain)]

------- Original Message -------
On Thursday, October 18, 2018 2:32 PM, Tavis Ormandy <taviso@google.com> wrote:

> On Thu, Oct 18, 2018 at 3:51 AM Jordan Glover <Golden_Miller83@protonmail.ch> wrote:
>
>> Do you know if upstream is going to make new release soon or distros should take the
>> pain and backport all of those themselves?
>
> AFAIK upstream only makes quarterly releases, so I think you need to backport.
>
> Tavis.

In normal, boring times yes but 9.25 was available just 10 days after 9.24 as urgent security
release and it seems it was still not enough.

Jordan

[prev in list] [next in list] [prev in thread] [next in thread]