[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#840691: marked as done (libgs9: security update DSA-3691-1 breaks zathura, evince, ... in jessie)

Your message dated Sat, 29 Oct 2016 17:47:08 +0000
with message-id <E1c0Xim-0005Ns-SC@fasolo.debian.org>
and subject line Bug#840691: fixed in ghostscript 9.06~dfsg-2+deb8u4
has caused the Debian Bug report #840691,
regarding libgs9: security update DSA-3691-1 breaks zathura, evince, ... in jessie
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
840691: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840691
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: libgs9
Version: 9.06~dfsg-2+deb8u3
Severity: grave
Tags: security
Justification: renders package unusable

Hello!

I had a bad surprise today in jessie.
After the security update:

  [UPGRADE] libgs9:amd64 9.06~dfsg-2+deb8u1 -> 9.06~dfsg-2+deb8u3
  [UPGRADE] libgs9-common:amd64 9.06~dfsg-2+deb8u1 -> 9.06~dfsg-2+deb8u3

I was unable to use zathura or evince (maybe other PS viewers are
affected):

  $ zathura foo.eps
  warning: Failed to loads bookmarks.
  invalidaccess -7
  error: Rendering failed (page 1)
  $ evince foo.eps
  invalidaccess -7
  invalidaccess -7
  Segmentation fault

After downgrading back to libgs9/9.06~dfsg-2+deb8u1 and
libgs9-common/9.06~dfsg-2+deb8u1, everything is back to normal
and the two PS viewers work again.

What went wrong?
If this is indeed a regression (as it seems to be), please fix it
as soon as possible!

Thanks for your time.


-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/20 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgs9 depends on:
ii  libc6                           2.19-18+deb8u6
ii  libcups2                        1.7.5-11+deb8u1
ii  libcupsimage2                   1.7.5-11+deb8u1
ii  libfontconfig1                  2.11.0-6.3+deb8u1
ii  libfreetype6                    2.5.2-3+deb8u1
ii  libgs9-common                   9.06~dfsg-2+deb8u3
ii  libidn11                        1.29-1+deb8u2
ii  libijs-0.35                     0.35-10
ii  libjasper1                      1.900.1-debian1-2.4+deb8u1
ii  libjbig2dec0                    0.11+20120125-1
ii  libjpeg62-turbo                 1:1.3.1-12
ii  liblcms2-2                      2.6-3+b3
ii  libpaper1                       1.1.24+nmu4
ii  libpng12-0                      1.2.50-2+deb8u2
ii  libtiff5                        4.0.3-12.3+deb8u1
ii  poppler-data [gs-cjk-resource]  0.4.7-1
ii  zlib1g                          1:1.2.8.dfsg-2+b1

libgs9 recommends no packages.

libgs9 suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u4

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 12:51:34 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 840691
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.06~dfsg-2+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add 840691-Fix-.locksafe.patch patch.
     Fixes regression seen with zathura and evince. Fix .locksafe. We need to
     .forceput the defintion of getenv into systemdict.
     Thanks to Edgar Fuß <ef@math.uni-bonn.de> (Closes: #840691)
Checksums-Sha1: 
 30e40babe4998dd5c010e98a35cb5d7b63ca7e75 3015 ghostscript_9.06~dfsg-2+deb8u4.dsc
 210a7457ea018227279a1ef1b61c1283cb3f5f15 97044 ghostscript_9.06~dfsg-2+deb8u4.debian.tar.xz
 ec640d87b6b9ae062c96f73fa840b6e83435ea54 5067342 ghostscript-doc_9.06~dfsg-2+deb8u4_all.deb
 b27307bdf5f579e1e72a305943ba0fddd14e8149 1979312 libgs9-common_9.06~dfsg-2+deb8u4_all.deb
Checksums-Sha256: 
 b45873fd53c51ad36d192e614ce2107134c192252e41ffdd0c81363e46dee6da 3015 ghostscript_9.06~dfsg-2+deb8u4.dsc
 63ffe4addaba5429fcb85dd2a806cad87261d9b509962377f880214ad840968e 97044 ghostscript_9.06~dfsg-2+deb8u4.debian.tar.xz
 c047a0b28ebe74ad9cc64651e9cd5bebbdcd4bd7606d07e72ecef06ea60451e0 5067342 ghostscript-doc_9.06~dfsg-2+deb8u4_all.deb
 46733c51c5aca6fca6053205d3dde1c18e22266a0904e2304f94f8b901e6eb3b 1979312 libgs9-common_9.06~dfsg-2+deb8u4_all.deb
Files: 
 17d33344601f74992652901e9587538a 3015 text optional ghostscript_9.06~dfsg-2+deb8u4.dsc
 29e13a12e8fbc8349366a7121e2e303c 97044 text optional ghostscript_9.06~dfsg-2+deb8u4.debian.tar.xz
 076f7e784308e1235af2439d0e063489 5067342 doc optional ghostscript-doc_9.06~dfsg-2+deb8u4_all.deb
 824fee8904fc9125085d17775bd71444 1979312 libs optional libgs9-common_9.06~dfsg-2+deb8u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQKPBAEBCgB5BQJYEy/NXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRIar
D/9ikiwG7JAtNcpekumG96dxCn9aFGPkTz1elrxDShDylBSM0oCWnvgg5zkstW68
Y1ruyTbBCu5uYCzaHml9WGK2wVICuGN9N5QlFLm06K9nl0D4qcTsg/zo3GCiSxjH
+LllaNydtG3oBKoj2IZC9V89bXZ+/fJctyax5MGyBfDV33ed52L6cZgCDgnUZT+G
LmkMbmoad7hqmXG0I9/89Fcd/MuiqtICeGZ34KF7+cZnC5snHzhkFR2RlWb5wlaC
xUV+1aRNHdBnVx93k9J77c2sc+Ds9OIEtSk3wCex4JI11St8BZPfp0o37yBjlz0B
7VwPe9yJJVqAGzExjkCgQOX4UCS281wd6JKQDHtSZ5F9aJQjTGmiw8kWDNzkcBlh
AHfbsRaJ2dDofLZRCxpGI14Ucbu8pbNJoDQhvWH0Yac0O9zkmRUQy99ZP7wfnFBZ
G6Vfn8BCGME+b9ZBfxf5+qJuaIFcKSr9ih4hqul/fm346+mi+THmSLxTryWsSIsZ
VhbLBu1+c7bWJsevdWefFJdOKDqbc93V8lNHRtLJ22L6XwMSfQux1viwgon2HeNo
B3A4SSzFUGuXaRu+yGI8JSz6KWBZLhpdfk/AmW3QL+stg5EUb4cMMH7U3CCY0yHK
WiYRN62LXwVdpyc0tSISUiEl+Ml58iszKsFcmhWYlXTsbg==
=bgBn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: