Source: ghostscript Version: 9.50~dfsg-2 Severity: grave Tags: security upstream Control: found -1 9.26a~dfsg-0+deb9u5 Control: found -1 9.26a~dfsg-0+deb9u1 Control: found -1 9.27~dfsg-2+deb10u2 Control: found -1 9.27~dfsg-1 Control: found -1 9.27~dfsg-3.1 Control: fixed -1 9.26a~dfsg-0+deb9u6 Control: fixed -1 9.27~dfsg-2+deb10u3
Hi, The following vulnerability was published for ghostscript. I can agree the severity is not exaclty matching, as for 9.50 itself, it's not anymore directly exploitable (unless with -dOLDSAFER). Still it cannot be considred fixed, only after applying [1]. CVE-2019-14869[0]: |-dSAFER escape in .charkeys If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-14869 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14869 [1] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abf [2] https://bugs.ghostscript.com/show_bug.cgi?id=701841 Regards, Salvatore
