
Bug#908304: marked as done (ghostscript: CVE-2018-16510)



Your message dated Fri, 14 Sep 2018 17:04:43 +0000
with message-id <E1g0rWN-00082n-D0@fasolo.debian.org>
and subject line Bug#908304: fixed in ghostscript 9.25~dfsg-1~exp1
has caused the Debian Bug report #908304,
regarding ghostscript: CVE-2018-16510
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
908304: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908304
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699671

Hi,

The following vulnerability was published for ghostscript.

CVE-2018-16510[0]:
| An issue was discovered in Artifex Ghostscript before 9.24. Incorrect
| exec stack handling in the "CS" and "SC" PDF primitives could be used
| by remote attackers able to supply crafted PDFs to crash the
| interpreter or possibly have unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16510
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16510
[1] https://bugs.ghostscript.com/show_bug.cgi?id=699671
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.25~dfsg-1~exp1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908304@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Sep 2018 18:39:11 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.25~dfsg-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 907703 908300 908303 908304 908305
Changes:
 ghostscript (9.25~dfsg-1~exp1) experimental; urgency=medium
 .
   [ upstream ]
   * New bugfix release(s).
     Closes: Bug#907703, #908300, #908303, #908304, #908305
     (CVE-2018-16509, CVE-2018-16543, CVE-2018-16510, CVE-2018-16585).
     Thanks to Salvatore Bonaccorso.
 .
   * Update copyright info:
     + Stop excluding image containing non-DFSG ICC profile when
       repackaging upstream source: Fixed upstream.
     + Fix cover license FTL.
   * Set Rules-Requires-Root: no.
   * Update symbols:
     + Drop commented out obsolete symbols.
     + Flag as optional symbols not declared in public header files.
   * Avoid privacy breach linking documentation to jquery:
     + Add patch 2009 to use local jquery.
     + Add symlink from relative link to system-shared jquery library.
     + Have ghostscript-doc depend on libjs-jquery.
   * Avoid privacy breach linking documentation to font:
     + Avoid linking to remote fonts in documentation.
   * Avoid privacy breach linking documentation with Google:
     + Strip googletagmanager code from documentation.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
