ghostscript: multiple vulnerabilities

Related Vulnerabilities: CVE-2007-6725   CVE-2008-6679   CVE-2009-0196   CVE-2009-0792   CVE-2009-0584   CVE-2009-0583  

Debian Bug report logs - #524803
ghostscript: multiple vulnerabilities


Reported by: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>

Date: Mon, 20 Apr 2009 01:42:02 UTC

Severity: grave

Tags: security

Fixed in versions ghostscript/8.64~dfsg-1.1, ghostscript/8.64~dfsg-1+squeeze1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Mon, 20 Apr 2009 01:42:04 GMT) (full text, mbox, link).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Mon, 20 Apr 2009 01:42:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: ghostscript: multiple vulnerabilities
Date: Sun, 19 Apr 2009 21:40:45 -0400
package: ghostscript
severity: grave
tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) ids were
published for ghostscript.

CVE-2007-6725[0]:
| The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
| other versions, allows remote attackers to cause a denial of service
| (crash) and possibly execute arbitrary code via a crafted PDF file
| that triggers a buffer underflow in the cf_decode_2d function.

CVE-2008-6679[1]:
| Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and
| possibly other versions, allows remote attackers to cause a denial of
| service (ps2pdf crash) and possibly execute arbitrary code via a
| crafted Postscript file.

CVE-2009-0196[2]:
| Heap-based buffer overflow in the big2_decode_symbol_dict function
| (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in
| Ghostscript 8.64, and probably earlier versions, allows remote
| attackers to execute arbitrary code via a PDF file with a JBIG2 symbol
| dictionary segment with a large run length value.

Please coordinate with the security team (team@security.debian.org)
to prepare fixes for the stable releases.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
    http://security-tracker.debian.net/tracker/CVE-2007-6725
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
    http://security-tracker.debian.net/tracker/CVE-2008-6679
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
    http://security-tracker.debian.net/tracker/CVE-2009-0196




Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Tue, 21 Apr 2009 21:48:04 GMT) (full text, mbox, link).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Tue, 21 Apr 2009 21:48:04 GMT) (full text, mbox, link).


Message #10 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 524803@bugs.debian.org
Subject: CVE-2007-6725 fixed
Date: Tue, 21 Apr 2009 23:44:58 +0200
[Message part 1 (text/plain, inline)]
Hi,
I am currently triaging the ghostscript bugs for unstable...
After checking every upstream version after this bug was 
filed it turned out that CVE-2007-6725 was silently fixed in 
8.63 so this is a non-issue for unstable/testing.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Tue, 21 Apr 2009 21:57:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Tue, 21 Apr 2009 21:57:02 GMT) (full text, mbox, link).


Message #15 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 524803@bugs.debian.org
Cc: michael.s.gilbert@gmail.com
Subject: CVE-2008-6679 also fixed
Date: Tue, 21 Apr 2009 23:54:36 +0200
[Message part 1 (text/plain, inline)]
Hi,
turns out CVE-2008-6679 also is fixed since 8.64.
The only unfixed issue in this report is CVE-2009-0196.

Michael, please better check the code next time, this would 
have saved me a lot of time this evening.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Tue, 21 Apr 2009 23:54:03 GMT) (full text, mbox, link).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Tue, 21 Apr 2009 23:54:03 GMT) (full text, mbox, link).


Message #20 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 524915@bugs.debian.org, 522416@bugs.debian.org, 524803@bugs.debian.org
Subject: intent to NMU
Date: Wed, 22 Apr 2009 01:51:31 +0200
[Message part 1 (text/plain, inline)]
Hi,
attached is a patch that fixes the described issues which I 
am going to upload as a 0-day NMU as there was no reaction 
on these bugs yet.

It will be also archived on:
http://people.debian.org/~nion/nmu-diff/ghostscript-8.64~dfsg-1_8.64~dfsg-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[ghostscript-8.64~dfsg-1_8.64~dfsg-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 22 Apr 2009 00:06:05 GMT) (full text, mbox, link).


Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 22 Apr 2009 00:06:05 GMT) (full text, mbox, link).


Message #25 received at 524803-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 524803-close@bugs.debian.org
Subject: Bug#524803: fixed in ghostscript 8.64~dfsg-1.1
Date: Wed, 22 Apr 2009 00:02:07 +0000
Source: ghostscript
Source-Version: 8.64~dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:

ghostscript-doc_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/ghostscript-doc_8.64~dfsg-1.1_all.deb
ghostscript-x_8.64~dfsg-1.1_amd64.deb
  to pool/main/g/ghostscript/ghostscript-x_8.64~dfsg-1.1_amd64.deb
ghostscript_8.64~dfsg-1.1.diff.gz
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1.1.diff.gz
ghostscript_8.64~dfsg-1.1.dsc
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1.1.dsc
ghostscript_8.64~dfsg-1.1_amd64.deb
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1.1_amd64.deb
gs-aladdin_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/gs-aladdin_8.64~dfsg-1.1_all.deb
gs-common_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/gs-common_8.64~dfsg-1.1_all.deb
gs-esp_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/gs-esp_8.64~dfsg-1.1_all.deb
gs-gpl_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/gs-gpl_8.64~dfsg-1.1_all.deb
gs_8.64~dfsg-1.1_all.deb
  to pool/main/g/ghostscript/gs_8.64~dfsg-1.1_all.deb
libgs-dev_8.64~dfsg-1.1_amd64.deb
  to pool/main/g/ghostscript/libgs-dev_8.64~dfsg-1.1_amd64.deb
libgs8_8.64~dfsg-1.1_amd64.deb
  to pool/main/g/ghostscript/libgs8_8.64~dfsg-1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 524803@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Apr 2009 00:19:51 +0200
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all amd64
Version: 8.64~dfsg-1.1
Distribution: unstable
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Dummy package depending on ghostscript
 gs-esp     - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Closes: 522416 524803 524915
Changes: 
 ghostscript (8.64~dfsg-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes various security issues:
     - CVE-2009-0792: multiple integer overflows in the icc library
       can cause a heap-based buffer overflow possibly leading to arbitrary
       code execution.
     - CVE-2009-0584/CVE-2009-0583: Multiple integer overflows causing an
       application crash or possibly arbitrary code execution.
     - CVE-2009-0196: heap-based buffer overflow in big2_decode_symbol_dict()
       leading to arbitrary code execution via a crafted JBIG2 symbol
       dictionary segment.
       .
       (Closes: #524915, #522416, #524803)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknuXAwACgkQHYflSXNkfP/PZgCcCJUOXQGeIYGgl9CWPgipjSqT
Cd8AoLcpA3a5GTwICRXJ+efN7aXf3Huf
=AVIk
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Wed, 22 Apr 2009 00:33:04 GMT) (full text, mbox, link).


Acknowledgement sent to Jonas Smedegaard <dr@jones.dk>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Wed, 22 Apr 2009 00:33:04 GMT) (full text, mbox, link).


Message #30 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Jonas Smedegaard <dr@jones.dk>
To: Nico Golde <nion@debian.org>, 524915@bugs.debian.org
Cc: 522416@bugs.debian.org, 524803@bugs.debian.org
Subject: Re: Bug#524915: intent to NMU
Date: Wed, 22 Apr 2009 02:31:42 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 22, 2009 at 01:51:31AM +0200, Nico Golde wrote:
>Hi,
>attached is a patch that fixes the described issues which I 
>am going to upload as a 0-day NMU as there was no reaction 
>on these bugs yet.

Thanks a lot!  Your work is much appreciated.


  - Jonas

- -- 
* Jonas Smedegaard - idealist and Internet architect
* Tel.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknuZW4ACgkQn7DbMsAkQLgOyQCfe0Wgp1uQsZuixXBFc7A7VV/y
I7AAniSGIBqgO7x8vmU+jB2tiNpZkF3t
=2yrz
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Wed, 22 Apr 2009 18:24:04 GMT) (full text, mbox, link).


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Wed, 22 Apr 2009 18:24:04 GMT) (full text, mbox, link).


Message #35 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: team@security.debian.org
Cc: 524803@bugs.debian.org, 524803-submitter@bugs.debian.org, 524915@bugs.debian.org, 524915-submitter@bugs.debian.org
Subject: ghostscript: proposed NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725 CVE-2008-6679
Date: Wed, 22 Apr 2009 20:20:29 +0200
[Message part 1 (text/plain, inline)]
Hi,

I've prepared a NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725
CVE-2008-6679 in lenny.

Proposed debdiff in attachment.

Cheers,
Giuseppe.
[ghostscript_8.62.dfsg.1-3.2lenny2.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Message sent on to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug#524803. (Wed, 22 Apr 2009 18:24:06 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Wed, 22 Apr 2009 18:42:07 GMT) (full text, mbox, link).


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Wed, 22 Apr 2009 18:42:07 GMT) (full text, mbox, link).


Message #43 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: team@security.debian.org
Cc: 524803@bugs.debian.org, 524803-submitter@bugs.debian.org, 524915@bugs.debian.org, 524915-submitter@bugs.debian.org
Subject: Re: ghostscript: proposed NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725 CVE-2008-6679
Date: Wed, 22 Apr 2009 20:34:55 +0200
[Message part 1 (text/plain, inline)]
Giuseppe Iuculano wrote:
> Hi,
> 
> I've prepared a NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725
> CVE-2008-6679 in lenny.
> 
> Proposed debdiff in attachment.

Forgot to add 36_CVE-2008-6679.dpatch, resend correct debdiff.

Cheers,
Giuseppe.
[ghostscript_8.62.dfsg.1-3.2lenny2.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Message sent on to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug#524803. (Wed, 22 Apr 2009 18:42:11 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Wed, 22 Apr 2009 20:18:03 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Wed, 22 Apr 2009 20:18:03 GMT) (full text, mbox, link).


Message #51 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Giuseppe Iuculano <giuseppe@iuculano.it>
Cc: team@security.debian.org, 524803@bugs.debian.org, 524803-submitter@bugs.debian.org, 524915@bugs.debian.org, 524915-submitter@bugs.debian.org
Subject: Re: ghostscript: proposed NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725 CVE-2008-6679
Date: Wed, 22 Apr 2009 22:15:05 +0200
On Wed, Apr 22, 2009 at 08:20:29PM +0200, Giuseppe Iuculano wrote:
> Hi,
> 
> I've prepared a NMU to fix CVE-2009-0792 CVE-2009-0196 CVE-2007-6725
> CVE-2008-6679 in lenny.

Thank you for your update. An update is already pending, but a
potential deficiency in one of the existing patches needs to be
sorted out before the package can be released.

I will use your patchset to double-check the current package.

To avoid duplication, feel free to contact us beforehand if you
want to work on a patch for a specific issue.

Thanks,
        Moritz




Message sent on to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug#524803. (Wed, 22 Apr 2009 20:18:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Sun, 26 Apr 2009 23:00:03 GMT) (full text, mbox, link).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Sun, 26 Apr 2009 23:00:03 GMT) (full text, mbox, link).


Message #59 received at 524803@bugs.debian.org (full text, mbox, reply):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: Nico Golde <nion@debian.org>
Cc: 524803@bugs.debian.org
Subject: Re: CVE-2008-6679 also fixed
Date: Sun, 26 Apr 2009 18:59:04 -0400
On Tue, 21 Apr 2009 23:54:36 +0200 Nico Golde wrote:

> Hi,
> turns out CVE-2008-6679 also is fixed since 8.64.
> The only unfixed issue in this report is CVE-2009-0196.
> 
> Michael, please better check the code next time, this would 
> have saved me a lot of time this evening.

I apologize.  I have been relying on changelogs, rather than code
review.  ghostscript doesn't have a changelog, so I had no idea that
those CVEs had been fixed.

My intent is to get information into the tracker as soon as possible and
bug reports submitted.  My perception is that once the bug is
submitted, it is now the maintainer's responsibility to work with the
security team, determine affected versions, and get patches ready. It
seems overburdening that the security team does almost all of the
work.  Shouldn't we rely on the maintainer to do his/her fair share?
I mean, it is their package and they should be intimately familiar with
it and upstream's changes.

If I should be doing more code review, I will try. Do you have any
guidelines or workflow that I should follow?  It would be good to have
this kind of stuff documented for other newbies so that there isn't so
much trial-and-error like I'm running into.

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Mon, 27 Apr 2009 13:54:02 GMT) (full text, mbox, link).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Mon, 27 Apr 2009 13:54:03 GMT) (full text, mbox, link).


Message #64 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 524803@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: CVE-2008-6679 also fixed
Date: Mon, 27 Apr 2009 15:49:30 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Michael S. Gilbert <michael.s.gilbert@gmail.com> [2009-04-27 15:27]:
> On Tue, 21 Apr 2009 23:54:36 +0200 Nico Golde wrote:
> > turns out CVE-2008-6679 also is fixed since 8.64.
> > The only unfixed issue in this report is CVE-2009-0196.
> > 
> > Michael, please better check the code next time, this would 
> > have saved me a lot of time this evening.
> 
> I apologize.  I have been relying on changelogs, rather than code
> review.  ghostscript doesn't have a changelog, so I had no idea that
> those CVEs had been fixed.

Sorry this doesn't work in most of the cases, usually 
changelog entries are missing :)

> My intent is to get information into the tracker as soon as possible and
> bug reports submitted.  My perception is that once the bug is
> submitted, it is now the maintainer's responsibility to work with the
> security team, determine affected versions, and get patches ready.

That doesn't work because either the maintainer is not 
available or he is not experienced in handling security 
issues. Sure there are some maintainers who are very capable 
but the truth is most of the maintainers are not (why should 
they anyway).

> It seems overburdening that the security team does almost all 
> of the work.  Shouldn't we rely on the maintainer to do his/her fair share?

No sorry, as outlined above we can't always count on the maintainer 
being available (xpdf is a good example) and we really have 
to do more than just coordinating things.

> I mean, it is their package and they should be intimately familiar with
> it and upstream's changes.
> 
> If I should be doing more code review, I will try. Do you have any
> guidelines or workflow that I should follow?  It would be good to have
> this kind of stuff documented for other newbies so that there isn't so
> much trial-and-error like I'm running into.

I don't know of any guideline and I don't really have an 
idea what one should look like, read the CVE id description,
understand what this bug is about, find the piece of code 
that is responsible for this and read. If there is a 
reference to a patch or you know of a new upstream version 
that should fix it, look at that, create diffs and check it.

The same goes for the CVE id descriptions, if they say that 
something is fixed in version xy or something is vulnerable 
up to version xy, don't rely on that but check the code.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 04 May 2009 18:03:17 GMT) (full text, mbox, link).


Notification sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 04 May 2009 18:03:17 GMT) (full text, mbox, link).


Message #69 received at 524803-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 524803-close@bugs.debian.org
Subject: Bug#524803: fixed in ghostscript 8.64~dfsg-1+squeeze1
Date: Mon, 04 May 2009 17:47:33 +0000
Source: ghostscript
Source-Version: 8.64~dfsg-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:

ghostscript-doc_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/ghostscript-doc_8.64~dfsg-1+squeeze1_all.deb
ghostscript-x_8.64~dfsg-1+squeeze1_amd64.deb
  to pool/main/g/ghostscript/ghostscript-x_8.64~dfsg-1+squeeze1_amd64.deb
ghostscript_8.64~dfsg-1+squeeze1.diff.gz
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1+squeeze1.diff.gz
ghostscript_8.64~dfsg-1+squeeze1.dsc
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1+squeeze1.dsc
ghostscript_8.64~dfsg-1+squeeze1_amd64.deb
  to pool/main/g/ghostscript/ghostscript_8.64~dfsg-1+squeeze1_amd64.deb
gs-aladdin_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/gs-aladdin_8.64~dfsg-1+squeeze1_all.deb
gs-common_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/gs-common_8.64~dfsg-1+squeeze1_all.deb
gs-esp_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/gs-esp_8.64~dfsg-1+squeeze1_all.deb
gs-gpl_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/gs-gpl_8.64~dfsg-1+squeeze1_all.deb
gs_8.64~dfsg-1+squeeze1_all.deb
  to pool/main/g/ghostscript/gs_8.64~dfsg-1+squeeze1_all.deb
libgs-dev_8.64~dfsg-1+squeeze1_amd64.deb
  to pool/main/g/ghostscript/libgs-dev_8.64~dfsg-1+squeeze1_amd64.deb
libgs8_8.64~dfsg-1+squeeze1_amd64.deb
  to pool/main/g/ghostscript/libgs8_8.64~dfsg-1+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 524803@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Apr 2009 00:19:51 +0200
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all amd64
Version: 8.64~dfsg-1+squeeze1
Distribution: testing-security
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Dummy package depending on ghostscript
 gs-esp     - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Closes: 522416 524803 524915
Changes: 
 ghostscript (8.64~dfsg-1+squeeze1) testing-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * This update fixes various security issues:
     - CVE-2009-0792: multiple integer overflows in the icc library
       can cause a heap-based buffer overflow possibly leading to arbitrary
       code execution.
     - CVE-2009-0584/CVE-2009-0583: Multiple integer overflows causing an
       application crash or possibly arbitrary code execution.
     - CVE-2009-0196: heap-based buffer overflow in big2_decode_symbol_dict()
       leading to arbitrary code execution via a crafted JBIG2 symbol
       dictionary segment.
       .
       (Closes: #524915, #522416, #524803)






Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Mon, 11 May 2009 16:00:05 GMT) (full text, mbox, link).


Acknowledgement sent to "Michael S. Gilbert" <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Mon, 11 May 2009 16:00:05 GMT) (full text, mbox, link).


Message #74 received at 524803@bugs.debian.org (full text, mbox, reply):

From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
To: 524803@bugs.debian.org, team@security.debian.org
Subject: ghostscript vulns in stable
Date: Mon, 11 May 2009 11:53:24 -0400
hello all,

any news on the patches for ghostscript in stable (CVE-2007-6725,
CVE-2008-6679, and CVE-2009-0196)?  these issues have been sitting
unfixed for quite a while now. thanks.

mike




Information forwarded to debian-bugs-dist@lists.debian.org, Masayuki Hatta (mhatta) <mhatta@debian.org>:
Bug#524803; Package ghostscript. (Wed, 13 May 2009 17:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Masayuki Hatta (mhatta) <mhatta@debian.org>. (Wed, 13 May 2009 17:48:02 GMT) (full text, mbox, link).


Message #79 received at 524803@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Cc: 524803@bugs.debian.org, team@security.debian.org
Subject: Re: ghostscript vulns in stable
Date: Wed, 13 May 2009 19:44:00 +0200
On Mon, May 11, 2009 at 11:53:24AM -0400, Michael S. Gilbert wrote:
> hello all,
> 
> any news on the patches for ghostscript in stable (CVE-2007-6725,
> CVE-2008-6679, and CVE-2009-0196)?  these issues have been sitting
> unfixed for quite a while now. thanks.

There are still regressions, which haven't been sorted out yet.

Cheers,
        Moritz




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 11 Jun 2009 07:25:58 GMT) (full text, mbox, link).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:51:27 2019; Machine Name: buxtehude