
Bug#1116444: marked as done (ghostscript: CVE-2025-59798)



Your message dated Mon, 29 Sep 2025 14:36:16 +0000
with message-id <E1v3EzA-00GMmY-17@fasolo.debian.org>
and subject line Bug#1116444: fixed in ghostscript 10.06.0~dfsg-1
has caused the Debian Bug report #1116444,
regarding ghostscript: CVE-2025-59798
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1116444: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116444
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 10.05.1~dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=708539
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 10.05.1~dfsg-1
Control: found -1 10.0.0~dfsg-11+deb12u7
Control: found -1 10.0.0~dfsg-11

Hi,

The following vulnerability was published for ghostscript.

CVE-2025-59798[0]:
| Artifex Ghostscript through 10.05.1 has a stack-based buffer
| overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-59798
    https://www.cve.org/CVERecord?id=CVE-2025-59798
[1] https://bugs.ghostscript.com/show_bug.cgi?id=708539
[2] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 10.06.0~dfsg-1
Done: Steve M. Robbins <smr@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1116444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve M. Robbins <smr@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 29 Sep 2025 08:37:38 -0500
Source: ghostscript
Binary: ghostscript ghostscript-dbgsym ghostscript-doc libgs-common libgs-dev libgs10 libgs10-common libgs10-dbgsym
Architecture: source amd64 all
Version: 10.06.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Steve M. Robbins <smr@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 libgs-common - interpreter for the PostScript language and for PDF - ICC profile
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs10    - interpreter for the PostScript language and for PDF - Library
 libgs10-common - interpreter for the PostScript language and for PDF - common file
Closes: 1116443 1116444
Changes:
 ghostscript (10.06.0~dfsg-1) unstable; urgency=medium
 .
   * New upstream version
     - Closes: #1116443, #1116444.
   * Standards-Version: 4.7.2 (routine-update)
   * Reorder sequence of d/control fields by cme (routine-update)
   * Remove trailing whitespace in debian/changelog (routine-update)
     Update lintian override info format in d/source/lintian-overrides on line 2-12, 15.
   * [c267038] Remove patches applied upstream

--- End Message ---
