Bug#925256: marked as done (ghostscript: CVE-2019-3835: superexec operator is available)
Your message dated Thu, 18 Apr 2019 17:32:08 +0000
with message-id <E1hHAtM-0009vm-Lt@fasolo.debian.org>
and subject line Bug#925256: fixed in ghostscript 9.26a~dfsg-0+deb9u2
has caused the Debian Bug report #925256,
regarding ghostscript: CVE-2019-3835: superexec operator is available
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
925256: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925256
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ghostscript: CVE-2019-3835: superexec operator is available
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 21 Mar 2019 22:02:52 +0100
- Message-id: <155320217211.21586.12886047626718905593.reportbug@eldamar.local>
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3835[0]:
superexec operator is available
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
- To: 925256-close@bugs.debian.org
- Subject: Bug#925256: fixed in ghostscript 9.26a~dfsg-0+deb9u2
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 18 Apr 2019 17:32:08 +0000
- Message-id: <E1hHAtM-0009vm-Lt@fasolo.debian.org>
Source: ghostscript
Source-Version: 9.26a~dfsg-0+deb9u2
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 925256@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Apr 2019 16:40:43 +0200
Source: ghostscript
Architecture: source
Version: 9.26a~dfsg-0+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 925256 925257
Changes:
ghostscript (9.26a~dfsg-0+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Have gs_cet.ps run from gs_init.ps
* Undef /odef in gs_init.ps
* Restrict superexec and remove it from internals and gs_cet.ps
(CVE-2019-3835) (Closes: #925256)
* Obliterate "superexec". We don't need it, nor do any known apps
(CVE-2019-3835) (Closes: #925256)
* Make a transient proc executeonly (in DefineResource) (CVE-2019-3838)
(Closes: #925257)
* an extra transient proc needs executeonly'ed (CVE-2019-3838)
(Closes: #925257)
Checksums-Sha1:
a36471ccccfaa5f824feb421b9b8d36a01880ed2 3052 ghostscript_9.26a~dfsg-0+deb9u2.dsc
64988c4bcb2461931ab91c63de5c3c3c7bb14a07 114608 ghostscript_9.26a~dfsg-0+deb9u2.debian.tar.xz
Checksums-Sha256:
f2db945f626273db54377fd2114278e0bedce96310668b6e550b26305ff9d29c 3052 ghostscript_9.26a~dfsg-0+deb9u2.dsc
83f9bf1932c637733e63e293ed822dff0ea9b47914c743d29725ffc2cee839e8 114608 ghostscript_9.26a~dfsg-0+deb9u2.debian.tar.xz
Files:
3eaf5fdf443490ece65b2bf39c69456f 3052 text optional ghostscript_9.26a~dfsg-0+deb9u2.dsc
be65f72beb08cce7f64abd31998ceb20 114608 text optional ghostscript_9.26a~dfsg-0+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyx+4JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EQS0P/AnEA56L6SIYVVNp8S2r0ovQSjiB4QID
DxQrBdlSBIkOkCvx7yGZpW/opZsPHGnJrqZSdm+eqUckzMSg/x4sPlAo0JxTwmMU
7mgonXwHioqGVUk8qZ4q27KsiOjbOJETpVf90LuDm7lnLGvRjDqeE5ySehHnys2J
/63RNYzLAj23H+jwVDsQA7DqLVK1KUHKGqABIyPJzVBnvFzoXAAGdGb9/UouiWsC
5g1TARClQrullhcNz2NcK0PLBbhtN1kxx/CyoBgS8itH3jolqUw4zk03Jx6p7F9f
GqP5mHAMoZo9WQBNKnoTr3xV4elUFvxIkPncFfPHpU5315w2K84n50nLGqYy+5k4
VkVB78BuomMyfRlUKZ4YyXPEsWj0GqLZQUOsb7WEx5NzNW9/1Fc8ib0qbij2DSpg
jVAapY/zRB+mjMB7ZmYdT3iVGQrQQEkQBMq0vrXZqnZyj3PuvPmE6AMj7MuQ8R5r
85Hj2Kvn2Ni4Ioxnz4h5grO5XI4cjDvNlrY4tlrpW/WHmAMZe4jEVJo3pbchlXbn
J3bs2AWiI0J/yEnlcQLjIAgv9mQpFIJLAl8OYj6nSL7Y9xzJjGdVngCB6udS35J1
Bv9mEueZ77YFzBxBJNB+nZFuR7EFDFu94HMqLWDhhIod8432dmHl2m9FzM4YjjlP
3nwxgM0ZrQZZ
=tQiH
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: