
Bug#1043033: marked as done (ghostscript: CVE-2023-38559)



Your message dated Sun, 01 Oct 2023 12:17:27 +0000
with message-id <E1qmvO3-00Gnir-Ls@fasolo.debian.org>
and subject line Bug#1043033: fixed in ghostscript 9.53.3~dfsg-7+deb11u6
has caused the Debian Bug report #1043033,
regarding ghostscript: CVE-2023-38559
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1043033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043033
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 10.01.2~dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 10.0.0~dfsg-11+deb12u1
Control: found -1 10.0.0~dfsg-11
Control: found -1 9.53.3~dfsg-7+deb11u5
Control: found -1 9.53.3~dfsg-7

Hi,

The following vulnerability was published for ghostscript.

CVE-2023-38559[0]:
| A buffer overflow flaw was found in base/gdevdevn.c:1973 in
| devn_pcx_write_rle() in ghostscript. This issue may allow a local
| attacker to cause a denial of service via outputting a crafted PDF
| file for a DEVN device with gs.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-38559
    https://www.cve.org/CVERecord?id=CVE-2023-38559
[1] https://bugs.ghostscript.com/show_bug.cgi?id=706897 (private)
[2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.53.3~dfsg-7+deb11u6
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1043033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Sep 2023 14:24:57 +0200
Source: ghostscript
Architecture: source
Version: 9.53.3~dfsg-7+deb11u6
Distribution: bullseye
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1043033
Changes:
 ghostscript (9.53.3~dfsg-7+deb11u6) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559)
     (Closes: #1043033)
   * IJS device - try and secure the IJS server startup (CVE-2023-43115)
Checksums-Sha1: 
 c5b7a29283f84ad82179165f35ead06c3f9ff080 2864 ghostscript_9.53.3~dfsg-7+deb11u6.dsc
 09daa599ce0301cc4a67501eec740db77a08b70d 124908 ghostscript_9.53.3~dfsg-7+deb11u6.debian.tar.xz
Checksums-Sha256: 
 b83d9e56f634a6e5464a8d4596cc7557efb6ab6d8f32e06880cb60bd6bf564af 2864 ghostscript_9.53.3~dfsg-7+deb11u6.dsc
 9cb835179d8e74b72fd1b37a489f109c9068bbb6c41df8783095770d500a458a 124908 ghostscript_9.53.3~dfsg-7+deb11u6.debian.tar.xz
Files: 
 ef8da017f2e3de90bc4e243ea39c1f9a 2864 text optional ghostscript_9.53.3~dfsg-7+deb11u6.dsc
 ec7ce94b199e560cf99b48bdca4bb571 124908 text optional ghostscript_9.53.3~dfsg-7+deb11u6.debian.tar.xz


--- End Message ---
