Your message dated Sun, 24 Aug 2025 20:35:53 +0000 with message-id <E1uqHRR-00BRBX-29@fasolo.debian.org> and subject line Bug#1109270: fixed in ghostscript 10.05.1~dfsg-2 has caused the Debian Bug report #1109270, regarding ghostscript: CVE-2025-7462 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1109270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109270 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ghostscript: CVE-2025-7462
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Mon, 14 Jul 2025 14:55:12 +0200
- Message-id: <175249771269.13593.18130498396169664817.reportbug@eldamar.lan>
Source: ghostscript Version: 10.05.1~dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org> Hi, The following vulnerability was published for ghostscript. CVE-2025-7462[0]: | A vulnerability was found in Artifex GhostPDL up to | 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as | problematic. This affects the function pdf_ferror of the file | devices/vector/gdevpdf.c of the component New Output File Open Error | Handler. The manipulation leads to null pointer dereference. It is | possible to initiate the attack remotely. The identifier of the | patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended | to apply a patch to fix this issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-7462 https://www.cve.org/CVERecord?id=CVE-2025-7462 [1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---
- To: 1109270-close@bugs.debian.org
- Subject: Bug#1109270: fixed in ghostscript 10.05.1~dfsg-2
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 24 Aug 2025 20:35:53 +0000
- Message-id: <E1uqHRR-00BRBX-29@fasolo.debian.org>
- Reply-to: smr@debian.org (Steve M. Robbins)
Source: ghostscript Source-Version: 10.05.1~dfsg-2 Done: Steve M. Robbins <smr@debian.org> We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1109270@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Steve M. Robbins <smr@debian.org> (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 24 Aug 2025 14:57:41 -0500 Source: ghostscript Architecture: source Version: 10.05.1~dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team <debian-printing@lists.debian.org> Changed-By: Steve M. Robbins <smr@debian.org> Closes: 1101348 1109270 Changes: ghostscript (10.05.1~dfsg-2) unstable; urgency=medium . [ Steve Robbins ] * [a7443cd] Upstream fix for CVE-2025-7462. Closes: #1109270. * [510df70] Apply upstream patch that closes: #1101348. Checksums-Sha1: 1755d80c82171c4864152d4cf6991d17237c04d9 2868 ghostscript_10.05.1~dfsg-2.dsc 5ea6f44b73946053d5e8f9f54b840627a9e23993 86000 ghostscript_10.05.1~dfsg-2.debian.tar.xz 23da4d7e32f209e897b90c9f6dd6bf6f80dd9d1f 14133 ghostscript_10.05.1~dfsg-2_amd64.buildinfo Checksums-Sha256: cca5b541dd2af012fc78e075296a95c59208130adb356dd6e9e90a6928184735 2868 ghostscript_10.05.1~dfsg-2.dsc 2a7aa3a7d903672bfa8d2f4c02fd27bd9302a7adf97339b4af99092744a0cecb 86000 ghostscript_10.05.1~dfsg-2.debian.tar.xz e23d518ae14dc6d4ff5297dde00a47353299ef8f8c80842203d76b4c7dbf7e35 14133 ghostscript_10.05.1~dfsg-2_amd64.buildinfo Files: a55d1425e565e77fbe94448f5dd73900 2868 text optional ghostscript_10.05.1~dfsg-2.dsc 1b294f3b988bf01891ef1fe14b73516d 86000 text optional ghostscript_10.05.1~dfsg-2.debian.tar.xz 9b0f9192a39893728c35b4b701be79eb 14133 text optional ghostscript_10.05.1~dfsg-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEEy89k8fa3rclNjyokyeVeL63I9LkFAmircDYPHHNtckBkZWJp YW4ub3JnAAoJEMnlXi+tyPS5ALsP/A2D/hg41aOdev0kBokPNFaRjk2KdV/JwXQh G1f3e/lXTHlpLNx+TIzclTKl9dlrRj1GT2YZWXHFM0fFzcQhvGDrscGFSXCZIYse bjwgS/TFo/VQ11hqx2QLeJNQXGWNbp4Rz2YL4t+a9Rit2pIIEAkthe0nunuERVPM PqwXqV9YBiBRaLQqfEer46ytTXg1/9SwypUyIKiTUlVaNgKf81iUKs/hd/YjslAb 8wPEVhXO8r+qgT4sGJfNhUbPN4mqUw9Mo2cVtZd1TBBs9Rd1j2hi7HPGDhoiwKgn jEnc/ShE0aT/N/fe09QIbcDvZJCwsAt8d2+Ae9K4hw8z79cqXPQXtDCxd/byG4S6 n2frWOAQjkjahwQ2CxJbIVxLoC8mMmDcxeXCbpbxL9mShXvgcJ1bdXlVl0JiL+5F TnF/8b0r9q/r1nfJuU7gAaoJ9lS0KAbCbywJB1h2LHgJF38n1DZBBPpOSb91SHIv 4+v+klKQ6UgaRiXfBgNd9+ekS6gdgs5QJj1lVHJWa7RIdWSE766oMh+uKHOmnDj5 2CtXtqr5M2lPMmkbrQa1pSj47Z+8pX/E7r5otBXkL+2hwXf4BgTtmB7eY5qhB9eQ 9V3ypo14MukYLC89E3+XaKrMnKNqazG1YJnjRnIggRpzQF5Mk0o9RrlPeUv7ywup ZvSD+YmW =2gxZ -----END PGP SIGNATURE-----Attachment: pgpVhDk7MubIH.pgp
Description: PGP signature
--- End Message ---