From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: ghostscript vulnerabilities Date: Sun, 06 Nov 2016 22:38:52 +0100 Message-ID: <874m3kxp8z.fsf@gnu.org> References: <87insx37ss.fsf@gmail.com> <87mvi9l17x.fsf@gnu.org> <87a8e6jc6q.fsf@netris.org> <87twcc5m90.fsf@gmail.com> <85f3d7fe-56e2-be63-3595-929e928220ed@famille-link.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58974) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c3V9X-0003hQ-Dn for guix-devel@gnu.org; Sun, 06 Nov 2016 16:39:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c3V9U-0007rk-By for guix-devel@gnu.org; Sun, 06 Nov 2016 16:38:59 -0500 In-Reply-To: <85f3d7fe-56e2-be63-3595-929e928220ed@famille-link.fr> (Didier Link's message of "Sun, 6 Nov 2016 19:34:55 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Didier Link Cc: guix-devel@gnu.org, bug-ghostscript@gnu.org Hi Didier, Didier Link skribis: > I've just released a gnu-ghostscript point release with the CVE patches > adapted by Mark (really thanks !!!). Thank you! > For the CVE-2016-7977 I've see that the file concerned was modified in > later release of gpl-ghostscript, I will see in later release of gnu > version ;) So is GNU Ghostscript 9.14.1 still vulnerable to CVE-2016-7977? Cheers, Ludo=E2=80=99.