Debian Bug report logs -
#869910
ghostscript: CVE-2017-9739: heap-buffer-overflow in Ins_JMPR
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 27 Jul 2017 14:57:04 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in version ghostscript/9.06~dfsg-1
Fixed in versions ghostscript/9.20~dfsg-3.2+deb9u1, ghostscript/9.22~dfsg-1, ghostscript/9.06~dfsg-2+deb8u6, ghostscript/9.22~~rc1~dfsg-1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://bugs.ghostscript.com/show_bug.cgi?id=698063
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#869910; Package src:ghostscript.
(Thu, 27 Jul 2017 14:57:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Printing Team <debian-printing@lists.debian.org>.
(Thu, 27 Jul 2017 14:57:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: ghostscript
Version: 9.06~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698063
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9739[0]:
| The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript
| GhostXPS 9.22 allows remote attackers to cause a denial of service
| (heap-based buffer over-read and application crash) or possibly have
| unspecified other impact via a crafted document.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9739
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698063
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c501a58f
Regards,
Salvatore
Severity set to 'grave' from 'important'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 27 Jul 2017 15:33:03 GMT) (full text, mbox, link).
Marked as fixed in versions ghostscript/9.22~~rc1~dfsg-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 13 Sep 2017 19:18:02 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 30 Sep 2017 18:51:12 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 30 Sep 2017 18:51:12 GMT) (full text, mbox, link).
Message #14 received at 869910-close@bugs.debian.org (full text, mbox, reply):
Source: ghostscript
Source-Version: 9.20~dfsg-3.2+deb9u1
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869910@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Sep 2017 21:47:33 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.20~dfsg-3.2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 869907 869910 869913 869915 869916 869917 869977
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
ghostscript (9.20~dfsg-3.2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Bounds check the array allocations methods (CVE-2017-9835)
(Closes: #869907)
* Bounds check zone pointer in Ins_MIRP() (CVE-2017-9611) (Closes: #869917)
* Bounds check zone pointers in Ins_IP() (CVE-2017-9612) (Closes: #869916)
* Bounds check zone pointer in Ins_MDRP (CVE-2017-9726) (Closes: #869915)
* Make bounds check in gx_ttfReader__Read more robust (CVE-2017-9727)
(Closes: #869913)
* Bounds check Ins_JMPR (CVE-2017-9739) (Closes: #869910)
* Prevent trying to reloc a freed object (CVE-2017-11714) (Closes: #869977)
Checksums-Sha1:
9e2afb408e26181f04dff55fff1fa750172cbdd1 3053 ghostscript_9.20~dfsg-3.2+deb9u1.dsc
9489bf12392539b5ef063636419ea7248dbed423 24642220 ghostscript_9.20~dfsg.orig.tar.gz
c6962ab5948bf6f3ed01ef2487f5296a1d8d1879 117452 ghostscript_9.20~dfsg-3.2+deb9u1.debian.tar.xz
Checksums-Sha256:
a66b365588b67d40f4d6928e25c786fa3fac9741ff04d90660d2dc25f438173f 3053 ghostscript_9.20~dfsg-3.2+deb9u1.dsc
4b1cc33e4add4b5c62304a041896a176cf69e2a3702ca2ac3ee06b168787f911 24642220 ghostscript_9.20~dfsg.orig.tar.gz
19c59eb694cee2c62d05d5da341744f8b983086366009c577e8a7103ca1ed27e 117452 ghostscript_9.20~dfsg-3.2+deb9u1.debian.tar.xz
Files:
84d2c19d494e08faff25ea77e15d14ed 3053 text optional ghostscript_9.20~dfsg-3.2+deb9u1.dsc
d5fdc5f7b233c68d30d42a782535bdc0 24642220 text optional ghostscript_9.20~dfsg.orig.tar.gz
2c15ecd32a5c13bb64f0833d503717d9 117452 text optional ghostscript_9.20~dfsg-3.2+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnNU55fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFCMP/2xWBGY4eEgLQvDkDbLW2lkCpGXN7uPT
wOHRVQ1TbUpHTJzrO3F+rtx9d+7HilgSufj7ppCDJzgK5PEvt/rOAuci34RZANA8
xGA0XagQ1IrEPKhlYbnbmnDIhdQTYsPxGcNG19lLT4Rs3oKKlmR6SxvSv8LtgPAr
use11F0r2Rg+uOk6YH/++GQaeVIA+DtIa1Ia2t7ejsjFAsaX2YZVAcgqUDLtYosa
c7W17pUNjGXRpBpupV7kY//I7rDYUEUCdawmfWolzJXVGLbEo2pSGNahi3aELpEH
08ULxC0lR28U9wm+qbXtBjKJgvUDaOAysUwnSOpelewkmU3W/U+/HJ7qKfC0qWaD
ncyfhqjTpsN95CvHWYOegWhyRXK8bL5ZPEdYwohLEsSNm/JXXgpC1f0ZaYGwpYw6
X8IfrIZVSakWKPx/vdvmXTX7+i0cXR45DlhyUelJbuZnT5WxMJYbUthgHe/T7x/x
svBMWMRLczhjV/MK0r5BG1Ym5KBD2NicJQSvVsYJKWcHM/eq2qYcYgtFjFGfgtgv
3vOzdbg9t7fdO/7UpA4U0Ha0iIAA5/4mpcvB8MX1k2DqtBWn2cdRHM6G2rvzPWBl
VTQJIg7zZnw0GDV1ElzJLDFfIDBLVuHhMNN9Msh44LleWdVTZYmXIxZTYyMLg2iU
RGYYRf2tb/UD
=9UZx
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sun, 08 Oct 2017 11:36:05 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sun, 08 Oct 2017 11:36:05 GMT) (full text, mbox, link).
Message #19 received at 869910-close@bugs.debian.org (full text, mbox, reply):
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u6
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 869910@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Sep 2017 21:55:37 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 869907 869910 869913 869915 869916 869917 869977
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
ghostscript (9.06~dfsg-2+deb8u6) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Bounds check the array allocations methods (CVE-2017-9835)
(Closes: #869907)
* Bounds check zone pointer in Ins_MIRP() (CVE-2017-9611) (Closes: #869917)
* Bounds check zone pointers in Ins_IP() (CVE-2017-9612) (Closes: #869916)
* Bounds check zone pointer in Ins_MDRP (CVE-2017-9726) (Closes: #869915)
* Make bounds check in gx_ttfReader__Read more robust (CVE-2017-9727)
(Closes: #869913)
* Bounds check Ins_JMPR (CVE-2017-9739) (Closes: #869910)
* Prevent trying to reloc a freed object (CVE-2017-11714) (Closes: #869977)
Checksums-Sha1:
1c8a4f1c3b0b2588cd34115d793b40dbf00e7271 3047 ghostscript_9.06~dfsg-2+deb8u6.dsc
7a98ed931ce351d6825f9d2e8271761c61173052 102468 ghostscript_9.06~dfsg-2+deb8u6.debian.tar.xz
3dcd1775cdada514468e7233339c23a8d7360c8c 5067528 ghostscript-doc_9.06~dfsg-2+deb8u6_all.deb
163a310efbe0b6f2c6c04778bc51d2057487adaf 1979944 libgs9-common_9.06~dfsg-2+deb8u6_all.deb
Checksums-Sha256:
0b9b99f5f83eebbc94ed5427e962e80a60d2902baee585f85abab11305a22ab0 3047 ghostscript_9.06~dfsg-2+deb8u6.dsc
bba080e49e7a75c8b9f67ee0a5367e80e58e1b6939143964c26df4e59b90b072 102468 ghostscript_9.06~dfsg-2+deb8u6.debian.tar.xz
8c9f3bb98d91393a6775e07d5f3499c5f51dda967782ae84e65bfc2b4a9c3c31 5067528 ghostscript-doc_9.06~dfsg-2+deb8u6_all.deb
b4f9b901a090cb1d4e4b62f01c07f9c5c45d469c11505c8dbaf8b8dd42ed3d7a 1979944 libgs9-common_9.06~dfsg-2+deb8u6_all.deb
Files:
45742412d62f72491d73e847230df4e5 3047 text optional ghostscript_9.06~dfsg-2+deb8u6.dsc
4aba5629803610999fae9ae4fc312454 102468 text optional ghostscript_9.06~dfsg-2+deb8u6.debian.tar.xz
341df47ee100cf2804b914f8c907fd75 5067528 doc optional ghostscript-doc_9.06~dfsg-2+deb8u6_all.deb
6c0ffc5f0c6d1cb33bb4a200e1285301 1979944 libs optional libgs9-common_9.06~dfsg-2+deb8u6_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnNVeNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EcbcP/iW41A+XZoaK1xHl/Jgmr0Cp4M9nOqjO
FOwY+b8seRzfuFtFrxbipl8eBxWkausM4TEJtRJIdGUMPEOwJNYiW6e26vJeMx0W
4CvbrI+0MiSHbIEnaxaxAnY0MdHeDk4ZfrWYHlY1l8Fx1FXDw9lTo+z9fuxZYpjF
ZC1CQvW+Wx9I79ht4a7bw+Mr/WgzOZAakx+qHhdzBR0NiWb3Tk9VddRNKbOJ1MqE
IE2tNoSfwU4VL7uFYPbWpPzDafw2rV99AYRyRNjqY8FyLfm5IOAc5ldt9M7EKfCG
9iOk2pQRx5+/pViz3Ira4OUxq+gbxCSmXCxHEl+HXE4RSMDOwqycoQOhfBZorG8v
1wqfm0CZG2ramTZyVSL9qDO9vYtKzcMm6HkcuwU+1Kq8U7RyliabIe2f+48fxAQO
kYuQvqS68yL2tQfpACz6uGe5ubbJjXek00futMAqdqoWPIthwROAUlOPpdBHdtCz
SH77AZX5tCDNG/oJIhWfvLiszpV7LS18mpjoF14of2YsKfFmS+VUCIOLbiT4bTYk
k83RX3SIlPQZNNkvK0cj+S0mHqQo9MvwHcexRkEKgTzfMplYnbhHA7lC5wsncZ+E
R3qL7md+80Z4TasWOn/p60TpGaO24rAGNMPRuHUDtEhcLxzx/m5JoMYiaXtata1U
/G43JfEppNPY
=+ODd
-----END PGP SIGNATURE-----
Marked as fixed in versions ghostscript/9.22~dfsg-1.
Request was from Jonas Smedegaard <dr@jones.dk>
to control@bugs.debian.org.
(Sat, 14 Oct 2017 10:45:04 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 12 Nov 2017 07:25:30 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:06:17 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon