Daniel wrote:
>> in policy.xml so they can continue their work.
>> In longer-term -- if this ban continues -- we might try to ask Qt to do the
>> conversions instead of imagemagick, but that's definitely not for
>> 2.3.1.
>> Other ideas?
>> Pavel
>> https://www.bleepingcomputer.com/news/security/no-patch-available-yet-for-new-major-vulnerability-in-ghostscript-interpreter/
>
> There seems to be a patch for it already.
>
> https://artifex.com/news/ghostscript-security-resolved/
>
> Hopefully distros will patch and go back to normal.

These are patches for the vulns reported on Aug 21, but as the original report says:

"These bugs were found manually, I also wrote a fuzzer and I'm working on minimizing a very large number of testcases that I'm planning to report over the next few days. I will just file those issues upstream and not post each individual one here, you can monitor https://bugs.ghostscript.com/ if you want to. I expect there to be several dozen unique bugs."

So, not sure we are already in the fixed state for what is coming. A new bump of ghostscript was announced for late Sept, AFAIK.

Pavel