Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript.
Reported by: Raphael Hertzog <hertzog@debian.org>
Date: Fri, 24 Jul 2015 14:39:01 UTC
Severity: important
Tags: jessie, patch, security, sid, squeeze, stretch, wheezy
Found in version ghostscript/8.71~dfsg2-1
Fixed in versions ghostscript/8.71~dfsg2-9+squeeze2, ghostscript/9.15~dfsg-1, ghostscript/9.06~dfsg-2+deb8u1, ghostscript/9.05~dfsg-6.3+deb7u2
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Printing Team <debian-printing@lists.debian.org>: Bug#793489; Package ghostscript. (Fri, 24 Jul 2015 14:39:05 GMT)
Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: New Bug report received and forwarded. Copy sent to Debian Printing Team <debian-printing@lists.debian.org>. (Fri, 24 Jul 2015 14:39:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: ghostscript
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for ghostscript.

CVE-2015-3228[0]: Integer overflow

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228

Please adjust the affected versions in the BTS as needed.

All the versions in Debian are affected by the underlying problem in the memory allocation (see http://bugs.ghostscript.com/show_bug.cgi?id=696070) but experimental (9.15~rc1~dfsg-1) does not trigger the segfault due to other changes.

You can reproduce the problem with this:

$ wget http://bugs.ghostscript.com/attachment.cgi?id=11776 -O /tmp/test.ps
$ ps2pdf /tmp/test.ps
Segmentation fault

The suggested patch is here:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply sent to Thorsten Alteholz <debian@alteholz.de>: You have taken responsibility. (Sat, 25 Jul 2015 10:51:04 GMT)
Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Sat, 25 Jul 2015 10:51:04 GMT)
Message #10 received at 793489-close@bugs.debian.org:
Source: ghostscript
Source-Version: 8.71~dfsg2-9+squeeze2

We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793489@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sat, 25 Jul 2015 07:03:02 +0200
Source: ghostscript
Binary: ghostscript gs-esp gs-gpl gs-common ghostscript-cups ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all i386
Version: 8.71~dfsg2-9+squeeze2
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs-common - Dummy package depending on ghostscript
 gs-esp - Transitional package
 gs-gpl - Transitional package
 libgs-dev - The Ghostscript PostScript Library - Development Files
 libgs8 - The Ghostscript PostScript/PDF interpreter Library
Closes: 793489
Changes:
 ghostscript (8.71~dfsg2-9+squeeze2) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
     (Closes: #793489)
   * CVE-2015-3228
     In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the variable holding the actual number of bytes we allocate.
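The sanity check named in the changelog entry above, sketched as an added example (not code from Ghostscript or from the Debian patch): an allocator that prepends a bookkeeping header has to confirm that size + header still fits the variable holding the total before it allocates. All names here (block_hdr, heap_state, total_checked, heap_alloc_bytes) and the 32-bit total are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bookkeeping header stored in front of every block. */
typedef struct block_hdr {
    struct block_hdr *next;
    uint32_t size;              /* bytes the caller asked for */
} block_hdr;

/* Hypothetical allocator state: a byte budget and the bytes in use. */
typedef struct {
    uint32_t limit;
    uint32_t used;              /* invariant: used <= limit */
    block_hdr *head;
} heap_state;

/* The arithmetic with no check: the 32-bit sum silently wraps. */
uint32_t total_unchecked(uint32_t size)
{
    return size + (uint32_t)sizeof(block_hdr);
}

/* Sanity check first: 0 and *total on success, -1 if the sum cannot
 * be represented in the variable that holds it. */
int total_checked(uint32_t size, uint32_t *total)
{
    if (size > UINT32_MAX - (uint32_t)sizeof(block_hdr))
        return -1;
    *total = size + (uint32_t)sizeof(block_hdr);
    return 0;
}

/* Allocate size bytes plus header; NULL on overflow, over budget or OOM. */
void *heap_alloc_bytes(heap_state *h, uint32_t size)
{
    uint32_t total;
    block_hdr *b;

    if (total_checked(size, &total) != 0)
        return NULL;                    /* size + header would wrap */
    if (total > h->limit - h->used)
        return NULL;                    /* exceeds the heap budget */
    b = malloc(total);
    if (b == NULL)
        return NULL;
    b->next = h->head;
    b->size = size;
    h->head = b;
    h->used += total;
    return b + 1;                       /* caller's bytes follow the header */
}

/* Release every block and reset the accounting. */
void heap_free_all(heap_state *h)
{
    while (h->head != NULL) {
        block_hdr *next = h->head->next;
        free(h->head);
        h->head = next;
    }
    h->used = 0;
}

int main(void)
{
    heap_state h = { 1024, 0, NULL };
    /* Constructed request: largest size whose sum with the header wraps to 0. */
    uint32_t big = UINT32_MAX - (uint32_t)sizeof(block_hdr) + 1;

    printf("unchecked total for %u: %u\n",
           (unsigned)big, (unsigned)total_unchecked(big));
    printf("checked alloc of %u: %s\n", (unsigned)big,
           heap_alloc_bytes(&h, big) ? "allocated" : "rejected");
    printf("checked alloc of 100: %s\n",
           heap_alloc_bytes(&h, 100) ? "allocated" : "rejected");
    heap_free_all(&h);
    return 0;
}
```

Without the check, the wrapped total would pass the budget comparison and the block would be far smaller than the size recorded for the caller.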
Marked as found in versions ghostscript/8.71~dfsg2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Jul 2015 15:03:27 GMT)
Added tag(s) jessie, wheezy, stretch, squeeze, and sid. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Jul 2015 15:03:30 GMT)
Reply sent to Jonas Smedegaard <dr@jones.dk>: You have taken responsibility. (Sun, 26 Jul 2015 19:21:18 GMT)
Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Sun, 26 Jul 2015 19:21:19 GMT)
Message #19 received at 793489-close@bugs.debian.org:
Source: ghostscript
Source-Version: 9.15~dfsg-1

We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793489@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sun, 26 Jul 2015 17:34:11 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source amd64 all
Version: 9.15~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 531624 793489
Changes:
 ghostscript (9.15~dfsg-1) unstable; urgency=medium
 .
   [ upstream ]
   * New release 9.07.
     Highlights:
     + Licensing changed to GNU Affero General Public License (AGPL).
     + Ghostscript now has the option to be built as thread safe.
     + The pdfwrite devices now supports linearized (or optimized for fast web view) output directly.
     + Supports Postscript string and array objects with >64k entries.
     + Supports file sizes >4Gb - in particular reading and writing PDF files, and as side effect supports 64 bit Postscript integer objects.
     + All CMYK devices supports simulated overprint of spot colors.
     + Support for use of DeviceN ICC color profiles as the output profile with the tiffsep and psdcmyk devices.
     + Support for customized named color handling with DeviceN colors.
     + Support for black point compensation.
     + Support for K preservation in CMYK to CMYK conversions.
     + Support for DeviceLink profiles for graphic, image and text objects.
     + Support for custom color replacement.
     + Increased control in specifying color conversions as a function of object type.
     + Provide BigTIFF output option, when linked against recent libtiff.
     + LittleCMS updated to 2.4 [Debian instead links to shared lib].
     Closes: bug#531624. Thanks to Moritz Muehlenhoff and Bastien Roucaries.
   * New releases 9.09 and 9.10.
     Highlights:
     + New Background printing (BGPrint) feature to speedup processing of certain classes of files.
     + New GrayDetection feature to detect and convert nearly-grey color input to grayscale for some drivers.
     + Misc. improvements for Windows environments.
     + Updated URW Postscript font set, fixing compatibility problems with the Adobe fonts [Debian uses separately packaged fonts].
   * New release 9.14.
     Highlights:
     + pdfwrite now uses same color management as for rendering devices.
     + New device 'eps2write' to create EPS files using ps2write.
     + Support customisation of output for specific devices.
     + Reduced memory usage processing PDF with transparency to either display device or high level vector non-transparency devices like ps2write or pdfwrite when 'flattening' to PDF 1.3 or earlier.
     + New --saved-page option to spool and render in arbitrary order.
     + Improved performance by more extensive use of multiple threads.
     + New device 'pwgraster' to render for PWG Raster output.
     + CUPS device improved support for PPD-less printing.
   * New release 9.15.
     Highlights:
     + Support for PDF security handler revision 6.
     + New -dNoOutputFonts for pdfwrite and ps2write (and related).
     + New PostScript pageneutralcolor state to resolve color/grayscale.
     + pdfwrite device supports Link annotations.
     + pdfwrite device supports BMC/BDC/EMC pdfmarks.
     + New LCMS2-based color management also applies to PDF/A-1 output.
 .
   [ Jonas Smedegaard ]
   * Update copyright info:
     + Extend coverage a few places to include recent years.
     + Change main license to "AGPL-3+~Artifex".
     + Update main fonts to author "(URW)++" and license "AGPL-3+~Artifex with font exception".
     + Extend coverage for packaging, and relicense as GPL-3+.
     + Drop Files section for documentation files not shipped since 9.05.
     + Fix include verbatim exceptions in license section (not comment).
     + Only comment on (not formally declare) unused AFPL license.
     + Merge bogus dual-licensing of (two wording of) LGPL-2.1+.
     + Drop Files sections for excluded autotools files.
     + Fix stop bogusly list as specially licensed the files examples/waterfal.ps contrib/japanese/doc/gdevdmpr.txt toolbin/localcluster/dashboard.html.
     + Use License-Grant and License-Reference fields. Thanks to Ben Finney.
     + Use license short-name public-domain.
   * Update repackaging:
     + Strip convenience library trio from upstream source.
     + Strip DFSG-nonfree ETS halftone code from upstream source.
     + Strip example code lacking license.
     + Strip contributed documentation possibly lacking license.
     + Strip from repackaged upstream tarball ramfs code lacking license according to <http://www.ghostscript.com/irclogs/2014/05/05.html>.
     + Stop strip jasper project: not shipped since 9.07.
     + Reflect files moved from base/ to devices/.
     + Stop documenting CUPS filters dropped since 9.09.
   * Update patches:
     + Drop cherry-picked patches now included with upstream release.
     + Add patch cherry-picked upstream to sanity check for memory allocation. Closes: Bug#793489 (CVE-2015-3228). Thanks to Raphael Hertzog.
     + Add patch 2009 to not link against stripped ramfs code.
     + Unfuzz all patches.
   * Update package relations:
     + Build-depend on recent libopenjpeg-dev (not libjasper-dev): Support for JasPer has been dropped upstream.
     + Tighten build-dependency on liblcms2-dev: We need threads support.
     + Build-depend on libtrio-dev.
     + Tighten to build-depend on d-shlibs handling libtrio quirk.
     + Relax to build-depend unversioned on libopenjpeg-dev: Needed version satisfied even in oldstable.
     + Relax to depend unversioned on poppler-data, and drop fallback-dependency on gs-cjk-resource: Needed version satisfied even in oldstable.
     + Drop bogus/ancient fallback-build-dependency on libglut-dev.
   * Add d-shlibmove override for libtrio.
   * Add news entry about licensing change to AGPL. Thanks to Jonathan Nieder.
   * Update symbols file (208 new, 70 dropped).
   * Temporarily adjust source URLs for upstream pre-release.
   * Have license-check skip main HTML documentation.
   * Add lintian overrides regarding license in License-Reference field. See bug#786450.
   * Declare compliance with Debian Policy 3.9.6.
Reply sent to Salvatore Bonaccorso <carnil@debian.org>: You have taken responsibility. (Sun, 02 Aug 2015 17:51:11 GMT)
Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Sun, 02 Aug 2015 17:51:11 GMT)
Message #24 received at 793489-close@bugs.debian.org:
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u1

We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793489@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sun, 26 Jul 2015 14:03:18 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.06~dfsg-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 793489
Changes:
 ghostscript (9.06~dfsg-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-3228.patch patch.
     CVE-2015-3228: Integer overflow in gs_heap_alloc_bytes() (Closes: #793489)
Reply sent to Salvatore Bonaccorso <carnil@debian.org>: You have taken responsibility. (Tue, 04 Aug 2015 21:21:10 GMT)
Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Tue, 04 Aug 2015 21:21:10 GMT)
Message #29 received at 793489-close@bugs.debian.org:
Source: ghostscript
Source-Version: 9.05~dfsg-6.3+deb7u2

We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793489@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sat, 01 Aug 2015 08:14:20 +0200
Source: ghostscript
Binary: ghostscript ghostscript-cups ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.05~dfsg-6.3+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-cups - interpreter for the PostScript language and for PDF - CUPS filter
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 793489
Changes:
 ghostscript (9.05~dfsg-6.3+deb7u2) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-3228.patch patch.
     CVE-2015-3228: Integer overflow in gs_heap_alloc_bytes() (Closes: #793489)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Sep 2015 07:41:41 GMT)