
Bug#859666: marked as done (ghostscript: CVE-2016-10219)



Your message dated Fri, 28 Apr 2017 09:03:57 +0000
with message-id <E1d41oj-000IcT-Ls@fasolo.debian.org>
and subject line Bug#859666: fixed in ghostscript 9.20~dfsg-3.1
has caused the Debian Bug report #859666,
regarding ghostscript: CVE-2016-10219
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
859666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859666
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: security patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10219[0]:
| The intersect function in base/gxfill.c in Artifex Software, Inc.
| Ghostscript 9.20 allows remote attackers to cause a denial of service
| (divide-by-zero error and application crash) via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10219
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697453
[2] http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.20~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859666@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 06:50:05 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.20~dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 859662 859666 859694 859696 861295
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.20~dfsg-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * -dSAFER bypass and remote command execution via a "/OutputFile  (%pipe%"
     substring (CVE-2017-8291) (Closes: #861295)
   * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696)
   * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220)
     (Closes: #859694)
   * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
     (Closes: #859666)
   * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
     (Closes: #859662)


--- End Message ---
