Bug 24292

Summary: CVE-2010-2055 - reads initialization files from current working directory
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: ghostscriptAssignee: Fr. Br. George <george>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: george, kirill, vitty
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2055

Description Vladimir Lettiev 2010-10-13 17:33:01 MSD 
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program.
Comment 1 Repository Robot 2010-10-27 14:09:20 MSD 
ghostscript-9.00-alt1 -> sisyphus:

* Tue Oct 26 2010 Vitaly Kuznetsov <vitty@altlinux> 9.00-alt1
- 9.00
- CVE-2010-2055 (ALT #24292)