[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From: Jordan Glover <Golden_Miller83 () protonmail ! ch>
Date: 2018-10-18 13:25:29
Message-ID: SHcYHexZFIPEzxu783h1FvPmnsUAwkTcsBunOplth1OaHsV-kE1uNS6roHC9sojsMJxQE2yOQoj-BBCc2qWNdb09Yrb-rwTVu1nAJgT7ZO0= () protonmail ! ch
[Download RAW message or body]
[Attachment #2 (text/plain)]
------- Original Message -------
On Thursday, October 18, 2018 2:32 PM, Tavis Ormandy <taviso@google.com> wrote:
> On Thu, Oct 18, 2018 at 3:51 AM Jordan Glover <Golden_Miller83@protonmail.ch> wrote:
>
>> Do you know if upstream is going to make new release soon or distros should take the
>> pain and backport all of those themselves?
>
> AFAIK upstream only makes quarterly releases, so I think you need to backport.
>
> Tavis.
In normal, boring times yes but 9.25 was available just 10 days after 9.24 as urgent security
release and it seems it was still not enough.
Jordan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic