[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908300: marked as done (ghostscript: Regression from a054156d425b4dbdaaa9fda4b5f1182b27598c2b commit ("Fix handling of pre-SAFER opened files"))



Your message dated Fri, 14 Sep 2018 17:04:43 +0000
with message-id <E1g0rWN-00082b-AL@fasolo.debian.org>
and subject line Bug#908300: fixed in ghostscript 9.25~dfsg-1~exp1
has caused the Debian Bug report #908300,
regarding ghostscript: Regression from a054156d425b4dbdaaa9fda4b5f1182b27598c2b commit ("Fix handling of pre-SAFER opened files")
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908300: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908300
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.22~dfsg-3
Severity: serious
Tags: patch upstream
Justification: regression

Hi

It was reported a regression while testing the security update, which
resulted in the increment to +deb9u4, which included the fix. The
regression was spotted while
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b;hp=0d3901189f245232f0161addf215d7268c4d05a3
is applied:

https://github.com/apple/cups/issues/5392

There is an upstream fix for it:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=150c8f69646b854a99f35f27edaae012eb2e900f

(which might require
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3439399a5c
as well).

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.25~dfsg-1~exp1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908300@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Sep 2018 18:39:11 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.25~dfsg-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 907703 908300 908303 908304 908305
Changes:
 ghostscript (9.25~dfsg-1~exp1) experimental; urgency=medium
 .
   [ upstream ]
   * New bugfix release(s).
     Closes: Bug#907703, #908300, #908303, #908304, #908305
     (CVE-2018-16509, CVE-2018-16543, CVE-2018-16510, CVE-2018-16585).
     Thanks to Salvatore Bonaccorso.
 .
   * Update copyright info:
     + Stop exclude image containing non-DFSG ICC profile when
       repackaging upstream source: Fixed upstream.
     + Fix cover license FTL.
   * Set Rules-Requires-Root: no.
   * Update symbols:
     + Drop commented out obsolete symbols.
     + Flag as optional symbols not declared in public header files.
   * Avoid privacy breach linking documentation to jquery:
     + Add patch 2009 to use local jquery.
     + Add symlink from relative link to system-shared jquery library.
     + Have ghostscript-doc depend on libjs-jquery.
   * Avoid privacy breach linking documentation to font:
     + Avoid linking to remote fonts in documentation.
   * Avoid privacy breach linking documentation with Google:
     + Strip googletagmanager code from documentation.
Checksums-Sha1:
 3bffe18729eeac8146b0e8567478db9334fecbb2 2765 ghostscript_9.25~dfsg-1~exp1.dsc
 6801ed2321af28a60cad6b39da07813b9d4c8840 17577772 ghostscript_9.25~dfsg.orig.tar.xz
 87bc40e0b7ead6664482a4a2e3105c3ab02bcf1b 106640 ghostscript_9.25~dfsg-1~exp1.debian.tar.xz
 4209318532b3776f8a51cb79e2275ef8fa8129e7 11818 ghostscript_9.25~dfsg-1~exp1_amd64.buildinfo
Checksums-Sha256:
 799f47facbc6ef2b11d9846a23330c74c8cc7d60163d9e2b0fd7c6831839bdde 2765 ghostscript_9.25~dfsg-1~exp1.dsc
 d35949fe5c4e827d9468f29d395dd05c273d2482c703259084c8aff0a0ca6d82 17577772 ghostscript_9.25~dfsg.orig.tar.xz
 6b3006bbcc6528aa1034fc1d73bf5fbd0451e9dc12607b6a67e25eeeedf062f5 106640 ghostscript_9.25~dfsg-1~exp1.debian.tar.xz
 fe0c26419a55e60d679231e5df4a281f27c62865b4f57c16dc25b14bea5467a6 11818 ghostscript_9.25~dfsg-1~exp1_amd64.buildinfo
Files:
 e728b22207588f4f237e7d0b209934d0 2765 text optional ghostscript_9.25~dfsg-1~exp1.dsc
 f9b9532d6bf70b615824293e7557a623 17577772 text optional ghostscript_9.25~dfsg.orig.tar.xz
 ff40800143ed11c68f95d48700823b71 106640 text optional ghostscript_9.25~dfsg-1~exp1.debian.tar.xz
 e5f3e09824728e7100b0c827563a2038 11818 text optional ghostscript_9.25~dfsg-1~exp1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlub5PAACgkQLHwxRsGg
ASF2pQ/+N/eD0f7leVeRbwKEnhPqdqelIwx0UgQWXlc8X7MNa0NXom+2zMXvWJEG
HR3V/tprF+UViy2r4rDeFPRdn+UZJpHtCt474PMel96CjaEsCYbk8LHQCQ3b5Ey7
mDw/4Mwtub5d0PKA8zNm+XoxeWM1qg0xRiDw8DAIF/89sQDRzRl4ApQsLkh3Bw48
QIceelOYnGflgtcrzd85ZoXT6+5O8pHMhFdELBnokNwKDUTNKtGLeQodFLFr8II8
qvMdzzdahNYQqFlgt1YdSciZzwRdV5uzUQaxPZ1M3sXaADPGk8crqEhlfhPwt/En
5Uv6F4Mr3lPeXK7ypiMOYTA8s6mII5YZ7xaZYwXbU6hBhB2fS6HxrWTQ9WoLF2Aq
judEU7BLVCNUR6bSzs4su71GgIIRAkwT1IUL2FQDnB78aQyhvYLaBx6sbz6Jf7Uh
Akm5Hu3+jj/hni0SmTbIenn2MnrC2V05oGQV6FRjPn04klRDoNmkNZF17ISXIjEq
bu/Ndkzod+FjkS4aFyx65FxWxneq5zgu13mX8r+nTromE6G262xyiOKrWqrZLuia
w2KUeXc8+YgZetFSrtFl6eCcgyZ9ticumBYCq4kEb2f2gq7oZ7me//w8jbIAqPPc
tNTS8/wJq2z/E5c7dpcy2Dvh32x3GNh7t7hZbT2i9p0KocNXYO8=
=t7ND
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: