Bug#925256: marked as done (ghostscript: CVE-2019-3835: superexec operator is available)
Your message dated Thu, 04 Apr 2019 18:33:56 +0000
with message-id <E1hC7BU-000BwE-W6@fasolo.debian.org>
and subject line Bug#925256: fixed in ghostscript 9.27~dfsg-1
has caused the Debian Bug report #925256,
regarding ghostscript: CVE-2019-3835: superexec operator is available
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
925256: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925256
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ghostscript: CVE-2019-3835: superexec operator is available
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 21 Mar 2019 22:02:52 +0100
- Message-id: <155320217211.21586.12886047626718905593.reportbug@eldamar.local>
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3835[0]:
superexec operator is available
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 925256-close@bugs.debian.org
- Subject: Bug#925256: fixed in ghostscript 9.27~dfsg-1
- From: Jonas Smedegaard <dr@jones.dk>
- Date: Thu, 04 Apr 2019 18:33:56 +0000
- Message-id: <E1hC7BU-000BwE-W6@fasolo.debian.org>
Source: ghostscript
Source-Version: 9.27~dfsg-1
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925256@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Apr 2019 20:17:20 +0200
Source: ghostscript
Architecture: source
Version: 9.27~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Closes: 925256 925257
Changes:
ghostscript (9.27~dfsg-1) unstable; urgency=high
.
[ upstream ]
* New release.
Closes: Bug#925256, 925257 (CVE-2019-3835, CVE-2019-3838).
Thanks to Salvatore Bonaccorso.
* Set urgency=high, due to CVE fix.
.
[ Jonas Smedegaard ]
* Drop patches cherry-picked upstream now applied.
* Unfuzz patches.
* Build-depend versioned on libjbig2dec0-dev
(not unversioned on libjbig2dec-dev).
* Use dpkg-provided snippet
(not additional explicit dpkg-parsechangelog call)
to resolve when build is targeted experimental suite.
* Revert to again split ABI at ~ (not a)."
* Update copyright info: Extend coverage for main upstream author.
* Update testsuite to catch new error message.
* Update symbols:
+ 18 private symbols dropped.
+ 51 private symbols dropped.
Checksums-Sha1:
4c6633d9afd8b31376bbb49221ed172e6e759f56 2763 ghostscript_9.27~dfsg-1.dsc
ce6d3c89086a238ff6683e3a0fa3a71be7891d94 17723588 ghostscript_9.27~dfsg.orig.tar.xz
8a1498bb08f48dbc73870d4c3c772aded7c3ef5b 109348 ghostscript_9.27~dfsg-1.debian.tar.xz
149bb071b68b64e5dc374b60316ae55fae78871c 11563 ghostscript_9.27~dfsg-1_amd64.buildinfo
Checksums-Sha256:
bad0561b406e5c92c4413f23e900a81f72c0e144e388f6e6d9d6caeeda408c0f 2763 ghostscript_9.27~dfsg-1.dsc
b90d2117e93c63d774a5ab0a4d6a19c5dcbfd877462ee39a405262948e23ff9b 17723588 ghostscript_9.27~dfsg.orig.tar.xz
4aa944a477f218264b6d70644491b4bdf8a7b0f6c18fdfec5e65a99dfaf01e24 109348 ghostscript_9.27~dfsg-1.debian.tar.xz
4f299d749c0f0be29bfefd80de50a1c45b80771fb6d6db54711a938322c79ce5 11563 ghostscript_9.27~dfsg-1_amd64.buildinfo
Files:
99fc8eb26d9a8e27b581e9eca089a462 2763 text optional ghostscript_9.27~dfsg-1.dsc
5fd2cef0eafc9482f96342344faf935f 17723588 text optional ghostscript_9.27~dfsg.orig.tar.xz
fad7f4bed7fd2df51f2992d5e898ebb0 109348 text optional ghostscript_9.27~dfsg-1.debian.tar.xz
8f719015ef3c70bdc32dcd42579702db 11563 text optional ghostscript_9.27~dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlymS0AACgkQLHwxRsGg
ASG6Iw//WjyvSs22s9m6JuPHHgsVMuXndnj+ZsLa2wJ2o3HDgGbSF7CN1KiFA/lA
IjTW15FTKJ2nisox07Wfb1yzv03ZKaOltjf/DGs4ZEUc6FiX/ruyovUFdl+kdGsY
oa5OuOGAMDCEFQ9zkNKlzF/s5acAcC7tzbm40P7ZTz4iI6VyWLyl3gCex8nMBUgF
VnzxOENA2HqojT74b2aJr1HRP7DoKtKn8QKuBa9L7duqKstLq5JUYRKGVXURUdWu
26OklIxVfy9MKwGbgC9UZS41cAd43bhuZF2GOkBF5J9Bk3hh1RvPELgHmJ9nfpt5
qX6VZrK8HZGOMDuU6lWKT78xcsiMfOfKTYCTGsEkEZO16uVCO6YrGopQ5jIXowgB
aXS3qkzr2DRlYHYeA2jjEXvqKU5GVmx71WYGoJHh0rLOi3SxfpmmjPKCp1lugZSC
OpJJZFcwetLgr6jA1V3d7Row8GIWOlZ66EOda3korgtOgnn8WO8aERUGjbG5ShqS
vsLQqW9a4YWKtUkyMzXsOa8bJcgf29/2mGYVVcBAVbWB8lDDYfeqZAzmx2Zw+JZc
RqHOlP5UH5TAgr/l+RgDaaaFCsDjq0XczTecJjcRgaE0mCxs2APKyQiBs8aH+vdy
0IjSMjuzIGrBRjrA8f+dbSrtii0H9+H+qZhvfHASp6T3sZ75b8c=
=XgNU
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: