Bug#908305: marked as done (ghostscript: CVE-2018-16585)

Your message dated Fri, 14 Sep 2018 17:04:43 +0000
with message-id <E1g0rWN-00082t-EF@fasolo.debian.org>
and subject line Bug#908305: fixed in ghostscript 9.25~dfsg-1~exp1
has caused the Debian Bug report #908305,
regarding ghostscript: CVE-2018-16585
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

908305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908305
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699663
Control: fixed -1 9.20~dfsg-3.2+deb9u3


The following vulnerability was published for ghostscript.

| An issue was discovered in Artifex Ghostscript before 9.24. The
| .setdistillerkeys PostScript command is accepted even though it is not
| intended for use during document processing (e.g., after the startup
| phase). This leads to memory corruption, allowing remote attackers able
| to supply crafted PostScript to crash the interpreter or possibly have
| unspecified other impact.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16585
[1] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
[3] https://bugs.ghostscript.com/show_bug.cgi?id=699663

Please adjust the affected versions in the BTS as needed.


--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.25~dfsg-1~exp1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 908305@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Fri, 14 Sep 2018 18:39:11 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.25~dfsg-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 907703 908300 908303 908304 908305
 ghostscript (9.25~dfsg-1~exp1) experimental; urgency=medium
   [ upstream ]
   * New bugfix release(s).
     Closes: Bug#907703, #908300, #908303, #908304, #908305
     (CVE-2018-16509, CVE-2018-16543, CVE-2018-16510, CVE-2018-16585).
     Thanks to Salvatore Bonaccorso.
   * Update copyright info:
     + Stop exclude image containing non-DFSG ICC profile when
       repackaging upstream source: Fixed upstream.
     + Fix cover license FTL.
   * Set Rules-Requires-Root: no.
   * Update symbols:
     + Drop commented out obsolete symbols.
     + Flag as optional symbols not declared in public header files.
   * Avoid privacy breach linking documentation to jquery:
     + Add patch 2009 to use local jquery.
     + Add symlink from relative link to system-shared jquery library.
     + Have ghostscript-doc depend on libjs-jquery.
   * Avoid privacy breach linking documentation to font:
     + Avoid linking to remote fonts in documentation.
   * Avoid privacy breach linking documentation with Google:
     + Strip googletagmanager code from documentation.

--- End Message ---
