Bug#584009: marked as done (hevea: Security bugs in ghostscript)

To: Ralf Treinen <treinen@debian.org>
Subject: Bug#584009: marked as done (hevea: Security bugs in ghostscript)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 01 Jun 2010 18:51:08 +0000
Message-id: <[🔎] handler.584009.D584009.127541816317585.ackdone@bugs.debian.org>
References: <E1OJWWe-0006u6-Vn@ries.debian.org> <[🔎] 20100601010848.17732.15549.reportbug@bari.maths.usyd.edu.au>

Your message dated Tue, 01 Jun 2010 18:49:20 +0000
with message-id <E1OJWWe-0006u6-Vn@ries.debian.org>
and subject line Bug#584009: fixed in hevea 1.10-12
has caused the Debian Bug report #584009,
regarding hevea: Security bugs in ghostscript
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
584009: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584009
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: hevea: Security bugs in ghostscript
From: Paul Szabo <paul.szabo@sydney.edu.au>
Date: Tue, 01 Jun 2010 11:08:48 +1000
Message-id: <[🔎] 20100601010848.17732.15549.reportbug@bari.maths.usyd.edu.au>

Package: hevea
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package depends on ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages hevea depends on:
ii  ghostscript-x [gs] 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii  gs                 8.62.dfsg.1-3.2lenny1 Transitional package
ii  netpbm             2:10.0-12+lenny1      Graphics conversion tools
ii  ocaml-base         3.10.2-3              Runtime system for OCaml bytecode 
ii  tetex-bin          2007.dfsg.2-1~lenny2  TeX Live: teTeX transitional packa

hevea recommends no packages.

Versions of packages hevea suggests:
pn  netpbm-nonfree                <none>     (no description available)

--- End Message ---

--- Begin Message ---

To: 584009-close@bugs.debian.org
Subject: Bug#584009: fixed in hevea 1.10-12
From: Ralf Treinen <treinen@debian.org>
Date: Tue, 01 Jun 2010 18:49:20 +0000
Message-id: <E1OJWWe-0006u6-Vn@ries.debian.org>

Source: hevea
Source-Version: 1.10-12

We believe that the bug you reported is fixed in the latest version of
hevea, which is due to be installed in the Debian FTP archive:

hevea_1.10-12.debian.tar.gz
  to main/h/hevea/hevea_1.10-12.debian.tar.gz
hevea_1.10-12.dsc
  to main/h/hevea/hevea_1.10-12.dsc
hevea_1.10-12_all.deb
  to main/h/hevea/hevea_1.10-12_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 584009@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ralf Treinen <treinen@debian.org> (supplier of updated hevea package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 01 Jun 2010 20:18:49 +0200
Source: hevea
Binary: hevea
Architecture: source all
Version: 1.10-12
Distribution: unstable
Urgency: low
Maintainer: Debian OCaml Maintainers <debian-ocaml-maint@lists.debian.org>
Changed-By: Ralf Treinen <treinen@debian.org>
Description: 
 hevea      - translates from LaTeX to HTML, info, or text
Closes: 584009
Changes: 
 hevea (1.10-12) unstable; urgency=low
 .
   [ Stéphane Glondu ]
   * debian/control: update my e-mail address
 .
   [ Ralf Treinen ]
   * Remove Zack from uploaders on his request.
   * Patch gs-options: call gs with additional options -P- -dSAFER
     (closes: #584009)
Checksums-Sha1: 
 00f0b7718ca7fab33b222b11cad52741a78c28d2 1411 hevea_1.10-12.dsc
 2f8f81af19edfa1e7d7554add9dce93d3427c9ab 18817 hevea_1.10-12.debian.tar.gz
 3007b1f8e8e4f1b4cbeb605bd77de6f198f61363 400330 hevea_1.10-12_all.deb
Checksums-Sha256: 
 c873713febd9fbd219770ab1eea6c0b3f98605985712bbcdd81531c515658e94 1411 hevea_1.10-12.dsc
 9a484a3c88041cf37d06c8ed0afb1b606fb129c24428cd8c3f314e778f700f46 18817 hevea_1.10-12.debian.tar.gz
 8f21bdd3ec7655ed8b0bd2f84950a56a78a53c1ce932730dbed800228b09860d 400330 hevea_1.10-12_all.deb
Files: 
 faf0c1b75b8fe2de4cccbdf5f01b5e38 1411 tex optional hevea_1.10-12.dsc
 fdfed324cae1135b96d4d126a247e833 18817 tex optional hevea_1.10-12.debian.tar.gz
 cbff7775c45815f4f7e4e3ecafed56dd 400330 tex optional hevea_1.10-12_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFMBVOgtzWmSeC6BMERAm5wAKCUBoUrkIbp89ao+p8UyDEk2DobSwCfTqDf
04pv1KFlOVVrJwcJ0vkmezQ=
=GpMx
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#584009: hevea: Security bugs in ghostscript
  - From: Paul Szabo <paul.szabo@sydney.edu.au>

Prev by Date: Bug#580090: marked as done (FTBFS because of unrecognized ocamlgraph version)
Next by Date: Processing of alt-ergo_0.91-1_amd64.changes
Previous by thread: Bug#584009: hevea: Security bugs in ghostscript
Next by thread: Processed: tagging 584009
Index(es):
- Date
- Thread