Bug#934638: marked as done (ghostscript: CVE-2019-10216)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 13 Aug 2019 08:40:14 +0000
with message-id <E1hxSLm-000HJj-VQ@fasolo.debian.org>
and subject line Bug#934638: fixed in ghostscript 9.27~dfsg-3.1
has caused the Debian Bug report #934638,
regarding ghostscript: CVE-2019-10216
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
934638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934638
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ghostscript: CVE-2019-10216
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Mon, 12 Aug 2019 21:27:11 +0200
• Message-id: <[🔎] 156563803196.28127.410779051215263503.reportbug@eldamar.local>

Source: ghostscript
Version: 9.27~dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=701394
Control: found -1 9.27~dfsg-2
Control: found -1 9.26a~dfsg-0+deb9u2
Control: found -1 9.26a~dfsg-0+deb9u3
Control: found -1 9.06~dfsg-2
Control: fixed -1 9.26a~dfsg-0+deb9u4
Control: fixed -1 9.27~dfsg-2+deb10u1

Hi,

The following vulnerability was published for ghostscript.

CVE-2019-10216[0]:
| -dSAFER escape via .buildfont1

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-10216
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10216
[1] https://bugs.ghostscript.com/show_bug.cgi?id=701394
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19a8420a1bd2d5529325be35d78e94234

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 934638-close@bugs.debian.org
• Subject: Bug#934638: fixed in ghostscript 9.27~dfsg-3.1
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Tue, 13 Aug 2019 08:40:14 +0000
• Message-id: <E1hxSLm-000HJj-VQ@fasolo.debian.org>

Source: ghostscript
Source-Version: 9.27~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 934638@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Aug 2019 09:49:11 +0200
Source: ghostscript
Architecture: source
Version: 9.27~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 934638
Changes:
 ghostscript (9.27~dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload (with maintainers approval).
   * protect use of .forceput with executeonly (CVE-2019-10216)
     (Closes: #934638)
Checksums-Sha1: 
 4d5894c6a76860fe0fe2b24de1362e35016dd399 2965 ghostscript_9.27~dfsg-3.1.dsc
 e7b97c0d670c702d30a81764eff3a10c8a4b6582 111316 ghostscript_9.27~dfsg-3.1.debian.tar.xz
Checksums-Sha256: 
 8c44649907b3480c45ddcd9e2f2ea685351a5ed3a9cfc934f1ec272a881318fd 2965 ghostscript_9.27~dfsg-3.1.dsc
 002431936315ed31541d6f62541e83a899d8edd3b9e2da84ed157bb218101a2f 111316 ghostscript_9.27~dfsg-3.1.debian.tar.xz
Files: 
 305561f0bb72faf83d3542f6ad15b5b2 2965 text optional ghostscript_9.27~dfsg-3.1.dsc
 d8373e08b9df33ec898c549e961a8b33 111316 text optional ghostscript_9.27~dfsg-3.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1ScoNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EJkYP/2vF/VF8CosTnQnm/B/qbw6ycu2qwGMF
L5WAktAA+58G+3hRgo/Z7TTQDidYXyPQKcz0tQ3GGC+AhwOAGAt7Qy7nBX0RL+wr
IPEbZDeredjZMR89W6JQ0uVV4gWSY4cJxKw6U442XAKHU2bySY4Jae7JVESwtW6j
tgk2dR9Vtfovo+3ZyvtU2p46N/wTRLEftiaSwwqP+tmH14Odk3MLv6CkfpDWMRps
ntKKPKdNrseWiRQ6T5TW2JCkHWHXDFNWuUn53kZsGjikMoe2KZYN1TPRP0rVdjZl
f/BQ3vIhgzjwQPuZKWJnX0JaTS5Itr1hr1PBWgMipxZDKsoLij3Je/mzoXzF+P2l
egsn1CskjuJov1RHPIbkMYIFqYJt4nGE2X6Tm3aQV0LqpfPXSqvV9JnR4G5p+M9t
UpSlIKFgZIdmkMDLUZSprbA5vuvdHkExKJ4dL5oo5Eij4EzdDs5ReH0iltqwSIm3
JWkUqSQVQIf+FpOsbX+XM7C6w457bwYEnP8ymZ0zCkaJzVMokiXGxSRp6CMF6+Xj
bkq8s+PMQakuUTdoYHJZFhRBc5dOp1BvmrLU4taTy9fZ9MZSAXiYNPEu6/s9/I9T
XntXmcCw9TZyDE2+vPvwv9h/NHLfM2JzP/OUCzk46e+vJo3B8H2+wkPur6Q0YJVo
2FaRXGkTWjsM
=bXVF
-----END PGP SIGNATURE-----

--- End Message ---