ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function

Related Vulnerabilities: CVE-2016-10317   CVE-2018-10194  

Debian Bug report logs - #860869

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 21 Apr 2017 06:33:04 UTC

Severity: important

Tags: patch, security, upstream

Found in versions ghostscript/9.06~dfsg-2, ghostscript/9.20~dfsg-3, ghostscript/9.22~~rc1~dfsg-1

Fixed in version ghostscript/9.22~dfsg-2.1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.ghostscript.com/show_bug.cgi?id=697459


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#860869; Package src:ghostscript. (Fri, 21 Apr 2017 06:33:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 21 Apr 2017 06:33:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function
Date: Fri, 21 Apr 2017 08:32:16 +0200
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
| denial of service (heap-based buffer overflow and application crash) or
| possibly have unspecified other impact via a crafted PostScript
| document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10317
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697459

The reproducer is not yet publicly available, and the severity should
probably be increased due to the heap buffer overflow. But we can
amend once more details are public.

Regards,
Salvatore



Marked as found in versions ghostscript/9.22~~rc1~dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 13 Sep 2017 19:45:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#860869; Package src:ghostscript. (Fri, 20 Apr 2018 16:51:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 20 Apr 2018 16:51:03 GMT)


Message #12 received at 860869@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 860869@bugs.debian.org, 896069@bugs.debian.org
Subject: ghostscript: diff for NMU version 9.22~dfsg-2.1
Date: Fri, 20 Apr 2018 18:49:15 +0200
Control: tags 860869 + patch
Control: tags 860869 + pending
Control: tags 896069 + pending

Dear maintainer,

I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[ghostscript-9.22~dfsg-2.1-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 860869-submit@bugs.debian.org. (Fri, 20 Apr 2018 16:51:03 GMT)


Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 860869-submit@bugs.debian.org. (Fri, 20 Apr 2018 16:51:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#860869; Package src:ghostscript. (Fri, 20 Apr 2018 17:27:03 GMT)


Acknowledgement sent to Jonas Smedegaard <dr@jones.dk>:
Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 20 Apr 2018 17:27:03 GMT)


Message #21 received at 860869@bugs.debian.org:

From: Jonas Smedegaard <dr@jones.dk>
To: Salvatore Bonaccorso <carnil@debian.org>, 860869@bugs.debian.org
Subject: Re: Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1
Date: Fri, 20 Apr 2018 19:23:22 +0200
Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> Control: tags 860869 + patch
> Control: tags 860869 + pending
> Control: tags 896069 + pending
> 
> Dear maintainer,
> 
> I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Great, Thanks a lot!

You need not delay it at all - please feel free to drop the delay.

- Jonas
-- 
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

[x] quote me freely  [ ] ask before reusing  [ ] keep private

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#860869; Package src:ghostscript. (Fri, 20 Apr 2018 18:15:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 20 Apr 2018 18:15:03 GMT)


Message #26 received at 860869@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Jonas Smedegaard <dr@jones.dk>
Cc: 860869@bugs.debian.org
Subject: Re: Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1
Date: Fri, 20 Apr 2018 20:13:31 +0200
Hi Jonas,

On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote:
> Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> > Control: tags 860869 + patch
> > Control: tags 860869 + pending
> > Control: tags 896069 + pending
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> 
> Great, Thanks a lot!
> 
> You need not delay it at all - please feel free to drop the delay.

Thanks, rescheduled. I always appreciate a peer-review even though
ghostscript is on the LowNMU list.

Can you import the changes into the archive once it is accepted into
the archive?

Regards,
Salvatore



Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 20 Apr 2018 18:21:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 20 Apr 2018 18:21:05 GMT)


Message #31 received at 860869-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 860869-close@bugs.debian.org
Subject: Bug#860869: fixed in ghostscript 9.22~dfsg-2.1
Date: Fri, 20 Apr 2018 18:20:25 +0000
Source: ghostscript
Source-Version: 9.22~dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860869@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Apr 2018 12:28:29 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.22~dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 860869 896069
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
     (Closes: #860869)
   * pdfwrite - Guard against trying to output an infinite number
     (CVE-2018-10194) (Closes: #896069)





Marked as found in versions ghostscript/9.06~dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 21 Apr 2018 06:33:15 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 24 May 2018 07:27:56 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:20:07 2019; Machine Name: beach
