ghostscript: CVE-2016-10220

Debian Bug report logs - #859694
ghostscript: CVE-2016-10220

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: ghostscript: CVE-2016-10220

Date: Thu, 06 Apr 2017 07:55:12 +0200

Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10220[0]:
| The gs_makewordimagedevice function in base/gsdevmem.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
| denial of service (NULL pointer dereference and application crash) via
| a crafted file that is mishandled in the PDF Transparency module.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10220
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697450
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #14 received at 859694@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 859662@bugs.debian.org, 859666@bugs.debian.org, 859694@bugs.debian.org, 859696@bugs.debian.org, 861295@bugs.debian.org

Subject: ghostscript: diff for NMU version 9.20~dfsg-3.1

Date: Fri, 28 Apr 2017 07:10:52 +0200

[Message part 1 (text/plain, inline)]

Control: tags 859662 + patch
Control: tags 859662 + pending
Control: tags 859666 + pending
Control: tags 859694 + pending
Control: tags 859696 + pending
Control: tags 861295 + patch
Control: tags 861295 + pending

Dear maintainer,

I've prepared an NMU for ghostscript (versioned as 9.20~dfsg-3.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Actually if possible and you agree on the debdiff/patchset an upload
earlier than the delay would be good in the light of #861295.
Regards,
Salvatore

[ghostscript-9.20~dfsg-3.1-nmu.diff (text/x-diff, attachment)]

Message #19 received at 859694-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 859694-close@bugs.debian.org

Subject: Bug#859694: fixed in ghostscript 9.20~dfsg-3.1

Date: Fri, 28 Apr 2017 09:03:57 +0000

Source: ghostscript
Source-Version: 9.20~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859694@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 06:50:05 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.20~dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 859662 859666 859694 859696 861295
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.20~dfsg-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
     substring (CVE-2017-8291) (Closes: #861295)
   * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
   * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
     (Closes: #859694)
   * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
     (Closes: #859666)
   * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
     (Closes: #859662)
Checksums-Sha1: 
 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc
 ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz
 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb
 fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb
Checksums-Sha256: 
 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc
 d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz
 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd5133d1e6be25 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb
 975eb0dee2daec3abec78a5a711a266e62c097f022bd311c81eec482021469f8 5160310 libgs9-common_9.20~dfsg-3.1_all.deb
Files: 
 e175a069819fb9b4427d067224117197 3025 text optional ghostscript_9.20~dfsg-3.1.dsc
 0c1e846432225a349fc8c2468782e348 114264 text optional ghostscript_9.20~dfsg-3.1.debian.tar.xz
 58c815ac983e543243491b7868dbb1fc 5630604 doc optional ghostscript-doc_9.20~dfsg-3.1_all.deb
 553fdff0bcc31e300f5c935379b2cecf 5160310 libs optional libgs9-common_9.20~dfsg-3.1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkCzw9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EvcIP/2pqibgJm2OGBXZg/D4AfLfufCIlLz2e
mGWTBipJa1zcWX42jQ57bsKaQ2va7C2FFOTwDUumOKlo/TqwOmYV3irwqr2I3ihI
ILvE7CzgLf/Rfaem6BuCqUtRU0oop58iFHHp93XYvJ7wlklh6Lz7bvkzowp6ca0H
20BF4trrm9eLuT8aiPyogmvqer63IGpIgG1SbuZUE9AB0i4NgsvUZkrPd5CQN73v
ctYGACXejCIU/YF6QvmFT1i0joeideS1dNJRrxesY7f2S5cSEbEh7pueiCV9vf15
tE+iRZ7W+NoeTJwHgh5bDYL71mCCfPeD3CtSGcVqVWCVw10IP2yD8OnU8ie030cX
oslYjp3XIDtaaxzfF+MIEz7ha6hM1FQOxtQAMJhdHM9PGY0baJf0+dwa/YF/n/mO
WRAguwFnPV5cQYcyqPV1tHUkdSdQsCFu+gZfIb7SEK/b3RV8PfqdDnzSOr53V31Q
dyzhDp28lGHgymCkY19gl9WHszKWumj3OddBc6Kk9q7UHpeKmkMK9R7PYBoZUKqL
YD54sgg0tAByfyJT/wzJpkS5F4L2Z2kfyCiOCfv1bVMp1IEJy/3+iZdmm9sIl5y2
5JtyQ3rocStOHnodpIf9Ni+L9RFAmQa2xeAwRfyPsKnGY8fvdy9FumSrBXJlNyi6
5RSYeXgZB7Pm
=D0ON
-----END PGP SIGNATURE-----

Message #24 received at 859694-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 859694-close@bugs.debian.org

Subject: Bug#859694: fixed in ghostscript 9.06~dfsg-2+deb8u5

Date: Fri, 28 Apr 2017 21:02:08 +0000

Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u5

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859694@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 10:32:58 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 858350 859666 859694 859696 861295
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes:
     #859666)
   * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
     (Closes: #859694)
   * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
   * Ensure a device has raster memory, before trying to read it
     (CVE-2017-7207) (Closes: #858350)
   * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
     substring (CVE-2017-8291) (Closes: #861295)
Checksums-Sha1: 
 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc
 e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz
 a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb
 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb
Checksums-Sha256: 
 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc
 a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz
 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb
 2fad4b983c3e377831bdbb41b2931b7801a5852af5e990dd73f25f0b1dedd206 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb
Files: 
 cd42658d6bb92c53893b6cc074447dd7 3044 text optional ghostscript_9.06~dfsg-2+deb8u5.dsc
 947cd7155561de35b402acc790acdc92 99820 text optional ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz
 86512a2ba1ae1616e1f684b8bed65638 5067584 doc optional ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb
 14dd4974786b18da1e7baa84714f0509 1979830 libs optional libgs9-common_9.06~dfsg-2+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkDAKJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMMoP/jOPsBQ2cXbxTb8ZbG3O8ZMPOyhWigVH
qq3gGgYXTWRez6NdSSGHNjiDCUX0NppYfiW0OqRnAAv0E1ypYQsqk/M2LBTkhMRy
D/oYFlZ2/B8RSo4/tQwCHxeUagj/AvaH7Pc6Zqf+njakhu6csz7vm2wJyAXVF/8V
wOIBTu3+61SGUijfDkXruBX3HuHTx1m53ijd73McdmmkSl6Ygs7HBjb2cfEFEDvM
BWBe6BpzVE4vzcxK+7SzLJoBgOrb50Df5ZaGdPRDcFQDMlPzmvTR8NEMFY6GIc9z
KuGDe1E+uCGGM8F+uR0xPHYlAQSkk3W6nAPNV+XunTanNuk682I29NKmSjNFQGDO
CztBciB1Ir8oK2mPfVWT/VIXuaNU4YvlOD/4dbwoXrOmWHsCbT9UsZuSkWw8niN9
/6nnD3vlQQEFkV3r0q8+VTAjf79WmI78tYE07jaj78ISbfzSJQW4DfDw3dmUnF3w
tVd9FX5PuWbj3EDnZvNVCkKi2lfNDU2BjqcT01NNOP+8E3tv3eIWuHCAMquTA6cQ
nouXe06AiBOxhKZh+lYkvJHJ9u4vZzleesqTDhfeMX0O7XHLOKVUW0FH5QQDx4To
OX5fkqwVmKCTqhWYVbzzPKvOnVNf0ZqyPGZgQe72a/Svfdk7363P9Uq4JielNjxV
ocbK4QPHpt9g
=RoV4
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.