ghostscript: CVE-2015-3228: Integer overflow

Related Vulnerabilities: CVE-2015-3228  

Debian Bug report logs - #793489
ghostscript: CVE-2015-3228: Integer overflow

Reported by: Raphael Hertzog <hertzog@debian.org>

Date: Fri, 24 Jul 2015 14:39:01 UTC

Severity: important

Tags: jessie, patch, security, sid, squeeze, stretch, wheezy

Found in version ghostscript/8.71~dfsg2-1

Fixed in versions ghostscript/8.71~dfsg2-9+squeeze2, ghostscript/9.15~dfsg-1, ghostscript/9.06~dfsg-2+deb8u1, ghostscript/9.05~dfsg-6.3+deb7u2

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>:
Bug#793489; Package ghostscript. (Fri, 24 Jul 2015 14:39:05 GMT)


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 24 Jul 2015 14:39:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Raphael Hertzog <hertzog@debian.org>
To: submit@bugs.debian.org
Subject: ghostscript: CVE-2015-3228: Integer overflow
Date: Fri, 24 Jul 2015 16:37:04 +0200
Package: ghostscript
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for ghostscript.

CVE-2015-3228[0]: Integer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228
    Please adjust the affected versions in the BTS as needed.

All the versions in Debian are affected by the underlying problem
in the memory allocation (see
http://bugs.ghostscript.com/show_bug.cgi?id=696070) but experimental
(9.15~rc1~dfsg-1) does not trigger the segfault due to other changes.

You can reproduce the problem with this:
$ wget http://bugs.ghostscript.com/attachment.cgi?id=11776 -O /tmp/test.ps
$ ps2pdf /tmp/test.ps
Segmentation fault

The suggested patch is here:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
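
The changelog entries in this log describe the fix as a sanity check in gs_heap_alloc_bytes() so that the variable holding the number of bytes actually allocated cannot overflow. The following is an added illustration of that pattern, not Ghostscript's code: the header layout, `heap_state` and all function names are hypothetical, and sizes are assumed to be 32-bit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bookkeeping header stored in front of every block. */
typedef struct block_hdr {
    struct block_hdr *next;
    struct block_hdr *prev;
    uint32_t size;              /* bytes the caller asked for */
} block_hdr;

/* Hypothetical allocator state with an accounting limit. */
typedef struct {
    block_hdr *head;
    uint32_t limit;             /* maximum bytes this heap may hold */
    uint32_t used;              /* bytes currently held, headers included */
} heap_state;

#define HDR ((uint32_t)sizeof(block_hdr))

/* "Before": the real allocation size is computed in a 32-bit variable
 * with no check, so a request close to UINT32_MAX wraps to a tiny value. */
static uint32_t total_unchecked(uint32_t size)
{
    return size + HDR;
}

/* "After": reject the request when adding the header wrapped around.
 * Returns 0 and stores the total on success, -1 on overflow. */
static int total_checked(uint32_t size, uint32_t *total)
{
    uint32_t added = size + HDR;

    if (added <= size)          /* sum wrapped past UINT32_MAX */
        return -1;
    *total = added;
    return 0;
}

/* Allocate `size` usable bytes, or return NULL if the request overflows
 * the size variable or would exceed the heap's limit. */
static void *heap_alloc(heap_state *h, uint32_t size)
{
    uint32_t added;
    block_hdr *b;

    if (total_checked(size, &added) != 0)
        return NULL;
    /* Written as a subtraction so the limit test itself cannot wrap
     * (invariant: used <= limit). */
    if (added > h->limit - h->used)
        return NULL;
    b = malloc(added);
    if (b == NULL)
        return NULL;
    b->size = size;
    b->prev = NULL;
    b->next = h->head;
    if (h->head != NULL)
        h->head->prev = b;
    h->head = b;
    h->used += added;
    return b + 1;               /* usable memory starts after the header */
}

/* Unlink a block, return its bytes to the accounting, and free it. */
static void heap_free(heap_state *h, void *p)
{
    block_hdr *b;

    if (p == NULL)
        return;
    b = (block_hdr *)p - 1;
    if (b->prev != NULL)
        b->prev->next = b->next;
    else
        h->head = b->next;
    if (b->next != NULL)
        b->next->prev = b->prev;
    h->used -= b->size + HDR;
    free(b);
}

int main(void)
{
    heap_state h = { NULL, 1u << 20, 0 };
    uint32_t huge = UINT32_MAX;             /* constructed oversized request */
    void *p;

    printf("header size:            %u\n", (unsigned)HDR);
    printf("unchecked total (huge): %u\n", (unsigned)total_unchecked(huge));
    printf("checked alloc (huge):   %s\n",
           heap_alloc(&h, huge) == NULL ? "rejected" : "allocated");

    p = heap_alloc(&h, 64);
    printf("checked alloc (64):     %s, used=%u\n",
           p != NULL ? "allocated" : "rejected", (unsigned)h.used);
    heap_free(&h, p);
    return 0;
}
```

With the unchecked arithmetic the allocator would request only a few bytes from the system while the caller believes it owns the full size, which is how an overflow in the size variable turns into memory corruption.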



Reply sent to Thorsten Alteholz <debian@alteholz.de>:
You have taken responsibility. (Sat, 25 Jul 2015 10:51:04 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sat, 25 Jul 2015 10:51:04 GMT)


Message #10 received at 793489-close@bugs.debian.org:

From: Thorsten Alteholz <debian@alteholz.de>
To: 793489-close@bugs.debian.org
Subject: Bug#793489: fixed in ghostscript 8.71~dfsg2-9+squeeze2
Date: Sat, 25 Jul 2015 10:49:25 +0000
Source: ghostscript
Source-Version: 8.71~dfsg2-9+squeeze2

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793489@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 25 Jul 2015 07:03:02 +0200
Source: ghostscript
Binary: ghostscript gs-esp gs-gpl gs-common ghostscript-cups ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all i386
Version: 8.71~dfsg2-9+squeeze2
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs-common  - Dummy package depending on ghostscript
 gs-esp     - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Closes: 793489
Changes: 
 ghostscript (8.71~dfsg2-9+squeeze2) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team. (Closes: #793489)
   * CVE-2015-3228
     In gs_heap_alloc_bytes(), add a sanity check to ensure we don't
     overflow the variable holding the actual number of bytes we
     allocate.




Marked as found in versions ghostscript/8.71~dfsg2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Jul 2015 15:03:27 GMT)


Added tag(s) jessie, wheezy, stretch, squeeze, and sid. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Jul 2015 15:03:30 GMT)


Reply sent to Jonas Smedegaard <dr@jones.dk>:
You have taken responsibility. (Sun, 26 Jul 2015 19:21:18 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sun, 26 Jul 2015 19:21:19 GMT)


Message #19 received at 793489-close@bugs.debian.org:

From: Jonas Smedegaard <dr@jones.dk>
To: 793489-close@bugs.debian.org
Subject: Bug#793489: fixed in ghostscript 9.15~dfsg-1
Date: Sun, 26 Jul 2015 19:19:12 +0000
Source: ghostscript
Source-Version: 9.15~dfsg-1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793489@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sun, 26 Jul 2015 17:34:11 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source amd64 all
Version: 9.15~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 531624 793489
Changes:
 ghostscript (9.15~dfsg-1) unstable; urgency=medium
 .
   [ upstream ]
   * New release 9.07.
     Highlights:
     + Licensing changed to GNU Affero General Public License (AGPL).
     + Ghostscript now has the option to be built as thread safe.
     + The pdfwrite devices now support linearized (or optimized for
       fast web view) output directly.
     + Supports Postscript string and array objects with >64k entries.
     + Supports file sizes >4Gb - in particular reading and writing PDF
       files, and as side effect supports 64 bit Postscript integer
       objects.
     + All CMYK devices support simulated overprint of spot colors.
     + Support for use of DeviceN ICC color profiles as the output
       profile with the tiffsep and psdcmyk devices.
     + Support for customized named color handling with DeviceN colors.
     + Support for black point compensation.
     + Support for K preservation in CMYK to CMYK conversions.
     + Support for DeviceLink profiles for graphic, image and text
       objects.
     + Support for custom color replacement.
     + Increased control in specifying color conversions as a function of
       object type.
     + Provide BigTIFF output option, when linked against recent libtiff.
     + LittleCMS updated to 2.4 [Debian instead links to shared lib].
       Closes: bug#531624. Thanks to Moritz Muehlenhoff and Bastien
       Roucaries.
   * New releases 9.09 and 9.10.
     Highlights:
     + New Background printing (BGPrint) feature to speedup processing of
       certain classes of files.
     + New GrayDetection feature to detect and convert nearly-grey color
       input to grayscale for some drivers.
     + Misc. improvements for Windows environments.
     + Updated URW Postscript font set, fixing compatibility problems
       with the Adobe fonts [Debian uses separately packaged fonts].
   * New release 9.14.
     Highlights:
     + pdfwrite now uses same color management as for rendering devices.
     + New device 'eps2write' to create EPS files using ps2write.
     + Support customisation of output for specific devices.
     + Reduced memory usage processing PDF with transparency to either
       display device or high level vector non-transparency devices like
       ps2write or pdfwrite when 'flattening' to PDF 1.3 or earlier.
     + New --saved-page option to spool and render in arbitrary order.
     + Improved performance by more extensive use of multiple threads.
     + New device 'pwgraster' to render for PWG Raster output.
     + CUPS device improved support for PPD-less printing.
   * New release 9.15.
     Highlights:
     + Support for PDF security handler revision 6.
     + New -dNoOutputFonts for pdfwrite and ps2write (and related).
     + New PostScript pageneutralcolor state to resolve color/grayscale.
     + pdfwrite device supports Link annotations.
     + pdfwrite device supports BMC/BDC/EMC pdfmarks.
     + New LCMS2-based color management also applies to PDF/A-1 output.
 .
   [ Jonas Smedegaard ]
   * Update copyright info:
     + Extend coverage a few places to include recent years.
     + Change main license to "AGPL-3+~Artifex".
     + Update main fonts to author "(URW)++" and license
       "AGPL-3+~Artifex with font exception".
     + Extend coverage for packaging, and relicense as GPL-3+.
     + Drop Files section for documentation files not shipped since 9.05.
     + Fix include verbatim exceptions in license section (not comment).
     + Only comment on (not formally declare) unused AFPL license.
     + Merge bogus dual-licensing of (two wording of) LGPL-2.1+.
     + Drop Files sections for excluded autotools files.
     + Fix stop bogusly list as specially licensed the files
       examples/waterfal.ps contrib/japanese/doc/gdevdmpr.txt
       toolbin/localcluster/dashboard.html.
     + Use License-Grant and License-Reference fields.
       Thanks to Ben Finney.
     + Use license short-name public-domain.
   * Update repackaging:
     + Strip convenience library trio from upstream source.
     + Strip DFSG-nonfree ETS halftone code from upstream source.
     + Strip example code lacking license.
     + Strip contributed documentation possibly lacking license.
     + Strip from repackaged upstream tarball ramfs code lacking license
       according to <http://www.ghostscript.com/irclogs/2014/05/05.html>.
     + Stop strip jasper project: not shipped since 9.07.
     + Reflect files moved from base/ to devices/.
     + Stop documenting CUPS filters dropped since 9.09.
   * Update patches:
     + Drop cherry-picked patches now included with upstream release.
     + Add patch cherry-picked upstream to sanity check for memory
       allocation.
       Closes: Bug#793489 (CVE-2015-3228). Thanks to Raphael Hertzog.
     + Add patch 2009 to not link against stripped ramfs code.
     + Unfuzz all patches.
   * Update package relations:
     + Build-depend on recent libopenjpeg-dev (not libjasper-dev):
       Support for JasPer has been dropped upstream.
     + Tighten build-dependency on liblcms2-dev: We need threads support.
     + Build-depend on libtrio-dev.
     + Tighten to build-depend on d-shlibs handling libtrio quirk.
     + Relax to build-depend unversioned on libopenjpeg-dev: Needed
       version satisfied even in oldstable.
     + Relax to depend unversioned on poppler-data, and drop
       fallback-dependency on gs-cjk-resource: Needed version satisfied
       even in oldstable.
     + Drop bogus/ancient fallback-build-dependency on libglut-dev.
   * Add d-shlibmove override for libtrio.
   * Add news entry about licensing change to AGPL.
     Thanks to Jonathan Nieder.
   * Update symbols file (208 new, 70 dropped).
   * Temporarily adjust source URLs for upstream pre-release.
   * Have license-check skip main HTML documentation.
   * Add lintian overrides regarding license in License-Reference field.
     See bug#786450.
   * Declare compliance with Debian Policy 3.9.6.




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 02 Aug 2015 17:51:11 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sun, 02 Aug 2015 17:51:11 GMT)


Message #24 received at 793489-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 793489-close@bugs.debian.org
Subject: Bug#793489: fixed in ghostscript 9.06~dfsg-2+deb8u1
Date: Sun, 02 Aug 2015 17:47:20 +0000
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793489@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sun, 26 Jul 2015 14:03:18 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.06~dfsg-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 793489
Changes:
 ghostscript (9.06~dfsg-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-3228.patch patch.
     CVE-2015-3228: Integer overflow in gs_heap_alloc_bytes() (Closes: #793489)




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Tue, 04 Aug 2015 21:21:10 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Tue, 04 Aug 2015 21:21:10 GMT)


Message #29 received at 793489-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 793489-close@bugs.debian.org
Subject: Bug#793489: fixed in ghostscript 9.05~dfsg-6.3+deb7u2
Date: Tue, 04 Aug 2015 21:17:59 +0000
Source: ghostscript
Source-Version: 9.05~dfsg-6.3+deb7u2

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 793489@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 01 Aug 2015 08:14:20 +0200
Source: ghostscript
Binary: ghostscript ghostscript-cups ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.05~dfsg-6.3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-cups - interpreter for the PostScript language and for PDF - CUPS filter
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 793489
Changes: 
 ghostscript (9.05~dfsg-6.3+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-3228.patch patch.
     CVE-2015-3228: Integer overflow in gs_heap_alloc_bytes() (Closes: #793489)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Sep 2015 07:41:41 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:10:31 2019; Machine Name: beach
