Bug#1109270: marked as done (ghostscript: CVE-2025-7462)

To: Salvatore Bonaccorso <carnil@debian.org>
Subject: Bug#1109270: marked as done (ghostscript: CVE-2025-7462)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Mon, 13 Oct 2025 18:21:02 +0000
Message-id: <[🔎] handler.1109270.D1109270.17603796152453801.ackdone@bugs.debian.org>
Reply-to: 1109270@bugs.debian.org
References: <E1v8N9Y-004Kaz-2B@fasolo.debian.org> <175249771269.13593.18130498396169664817.reportbug@eldamar.lan>

Your message dated Mon, 13 Oct 2025 18:20:12 +0000
with message-id <E1v8N9Y-004Kaz-2B@fasolo.debian.org>
and subject line Bug#1109270: fixed in ghostscript 10.05.1~dfsg-1+deb13u1
has caused the Debian Bug report #1109270,
regarding ghostscript: CVE-2025-7462
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1109270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109270
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ghostscript: CVE-2025-7462
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 14 Jul 2025 14:55:12 +0200
Message-id: <175249771269.13593.18130498396169664817.reportbug@eldamar.lan>

Source: ghostscript
Version: 10.05.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for ghostscript.

CVE-2025-7462[0]:
| A vulnerability was found in Artifex GhostPDL up to
| 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as
| problematic. This affects the function pdf_ferror of the file
| devices/vector/gdevpdf.c of the component New Output File Open Error
| Handler. The manipulation leads to null pointer dereference. It is
| possible to initiate the attack remotely. The identifier of the
| patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended
| to apply a patch to fix this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-7462
    https://www.cve.org/CVERecord?id=CVE-2025-7462
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

To: 1109270-close@bugs.debian.org
Subject: Bug#1109270: fixed in ghostscript 10.05.1~dfsg-1+deb13u1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 13 Oct 2025 18:20:12 +0000
Message-id: <E1v8N9Y-004Kaz-2B@fasolo.debian.org>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>

Source: ghostscript
Source-Version: 10.05.1~dfsg-1+deb13u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109270@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Oct 2025 09:09:15 +0200
Source: ghostscript
Architecture: source
Version: 10.05.1~dfsg-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1109270 1116443 1116444
Changes:
 ghostscript (10.05.1~dfsg-1+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Steve Robbins ]
   * Upstream fix for CVE-2025-7462. (Closes: #1109270)
 .
   [ Salvatore Bonaccorso ]
   * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443)
   * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444)
Checksums-Sha1:
 4b5c82fd42bf3c338b83abd04af0f5996ae38386 3034 ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 2a57abc10000affa2cb70de4f18c962e94fa5077 28467224 ghostscript_10.05.1~dfsg.orig.tar.xz
 94a983bd014d079435450b770b593ec62f691e0a 87492 ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 2fc22fa64f49fd1d6f225729949ad8d7fc94306a 6435 ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo
Checksums-Sha256:
 368616b13123e2887c54524a685e40856ea9401be3cb3cd0b9c39ba15fcfa818 3034 ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 ca4ff3a4c2b536baedd3029cb9b7bdd3bd9b27a03b53956efda062140843add1 28467224 ghostscript_10.05.1~dfsg.orig.tar.xz
 6490004f76429ef07f78d13d31ad4b55652414065460bd625d561009a0a6215e 87492 ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 bba23c0881c6470a58eecac4d701d02d5b9977f9fa740bcf7da4eef255da953a 6435 ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo
Files:
 2138419400bedde698cc45ca559dc451 3034 text optional ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 9598181badf7ef0895e59c88a2256a4d 28467224 text optional ghostscript_10.05.1~dfsg.orig.tar.xz
 14739590abd9ad1daf12854cea7801c6 87492 text optional ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 c3c0ec55eb8adb589c74302b97d34d2f 6435 text optional ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjiTatfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUu4P/R4csiqzNn/UuNabKZnN4E/OVHc/5v6z
uXtkVSWo4TSZ1ShqlUaB1+Qv4a0cZQAqu3uGotLc997RU4Qrz5Bxd1s+eXShCLKs
W0MN5pkrVIfhGMAdnLbkTA+TsQJxEv7Ij1nhhMSwlF9aYFWNtf4/0PTsv/hpOWwE
ldZhgSmFyN5DNFBPRsAdEX9Ts4O2ez/O+oyMOikdnFqpFmjXo+vGfAfni06a0526
SvWUhQ+U7MHAC/CiWRJ0F33EhAlU9cAPfGhNaW7wbLJLKP5tIqBw/HU8vz1grO3h
4stS3zVbbMROcdfSa+I+GNnh4D5lWMgC7gjoh4n92qkJyctHLRztuSEdCSDdyZOz
sGsfQSbW08/C3nSh+oPGdfRRUB+4dDxaE7Jno0a0WSd6XOSNz95w74Yu4K7ezzcV
iRDS6i3FpNL1I2M9aZG69krt6K/YUDZ3VENr8qFX1X4/MgULoQlyovG05IwRmKep
yYXv7Lz6sswQOtyyQgX3uHFEuHM/DlXWY5zkBJl91UuxmJ+NVtLiiawgvZHCobur
CvapxGGcbO7+Iin7iJiLiS732xNqw7eqVoupkJ0JgEV4MxvuARlbZF1OjXj1V2M7
4oSXAvs9k2wNfWLbDFBd/psEpVUlU12hfljp6Fi22B2aTOaNFCe8lyj94tERPhZ/
2EBofSBEOyfE
=APX3
-----END PGP SIGNATURE-----

Attachment: pgpwdUBcZAmqS.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: ghostscript_10.05.1~dfsg-1+deb13u1_source.changes ACCEPTED into proposed-updates
Next by Date: Bug#1116443: marked as done (ghostscript: CVE-2025-59799)
Previous by thread: ghostscript_10.05.1~dfsg-1+deb13u1_source.changes ACCEPTED into proposed-updates
Next by thread: Bug#1109270: marked as done (ghostscript: CVE-2025-7462)
Index(es):
- Date
- Thread