[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1116443: marked as done (ghostscript: CVE-2025-59799)

Your message dated Mon, 13 Oct 2025 18:20:12 +0000
with message-id <E1v8N9Y-004Kb4-2I@fasolo.debian.org>
and subject line Bug#1116443: fixed in ghostscript 10.05.1~dfsg-1+deb13u1
has caused the Debian Bug report #1116443,
regarding ghostscript: CVE-2025-59799
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1116443: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116443
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: ghostscript
Version: 10.05.1~dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=708517
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 10.05.1~dfsg-1
Control: found -1 10.0.0~dfsg-11+deb12u7
Control: found -1 10.0.0~dfsg-11

Hi,

The following vulnerability was published for ghostscript.

CVE-2025-59799[0]:
| Artifex Ghostscript through 10.05.1 has a stack-based buffer
| overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a
| large size value.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-59799
    https://www.cve.org/CVERecord?id=CVE-2025-59799
[1] https://bugs.ghostscript.com/show_bug.cgi?id=708517
[2] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: ghostscript
Source-Version: 10.05.1~dfsg-1+deb13u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1116443@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Oct 2025 09:09:15 +0200
Source: ghostscript
Architecture: source
Version: 10.05.1~dfsg-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1109270 1116443 1116444
Changes:
 ghostscript (10.05.1~dfsg-1+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Steve Robbins ]
   * Upstream fix for CVE-2025-7462. (Closes: #1109270)
 .
   [ Salvatore Bonaccorso ]
   * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443)
   * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444)
Checksums-Sha1:
 4b5c82fd42bf3c338b83abd04af0f5996ae38386 3034 ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 2a57abc10000affa2cb70de4f18c962e94fa5077 28467224 ghostscript_10.05.1~dfsg.orig.tar.xz
 94a983bd014d079435450b770b593ec62f691e0a 87492 ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 2fc22fa64f49fd1d6f225729949ad8d7fc94306a 6435 ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo
Checksums-Sha256:
 368616b13123e2887c54524a685e40856ea9401be3cb3cd0b9c39ba15fcfa818 3034 ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 ca4ff3a4c2b536baedd3029cb9b7bdd3bd9b27a03b53956efda062140843add1 28467224 ghostscript_10.05.1~dfsg.orig.tar.xz
 6490004f76429ef07f78d13d31ad4b55652414065460bd625d561009a0a6215e 87492 ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 bba23c0881c6470a58eecac4d701d02d5b9977f9fa740bcf7da4eef255da953a 6435 ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo
Files:
 2138419400bedde698cc45ca559dc451 3034 text optional ghostscript_10.05.1~dfsg-1+deb13u1.dsc
 9598181badf7ef0895e59c88a2256a4d 28467224 text optional ghostscript_10.05.1~dfsg.orig.tar.xz
 14739590abd9ad1daf12854cea7801c6 87492 text optional ghostscript_10.05.1~dfsg-1+deb13u1.debian.tar.xz
 c3c0ec55eb8adb589c74302b97d34d2f 6435 text optional ghostscript_10.05.1~dfsg-1+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjiTatfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUu4P/R4csiqzNn/UuNabKZnN4E/OVHc/5v6z
uXtkVSWo4TSZ1ShqlUaB1+Qv4a0cZQAqu3uGotLc997RU4Qrz5Bxd1s+eXShCLKs
W0MN5pkrVIfhGMAdnLbkTA+TsQJxEv7Ij1nhhMSwlF9aYFWNtf4/0PTsv/hpOWwE
ldZhgSmFyN5DNFBPRsAdEX9Ts4O2ez/O+oyMOikdnFqpFmjXo+vGfAfni06a0526
SvWUhQ+U7MHAC/CiWRJ0F33EhAlU9cAPfGhNaW7wbLJLKP5tIqBw/HU8vz1grO3h
4stS3zVbbMROcdfSa+I+GNnh4D5lWMgC7gjoh4n92qkJyctHLRztuSEdCSDdyZOz
sGsfQSbW08/C3nSh+oPGdfRRUB+4dDxaE7Jno0a0WSd6XOSNz95w74Yu4K7ezzcV
iRDS6i3FpNL1I2M9aZG69krt6K/YUDZ3VENr8qFX1X4/MgULoQlyovG05IwRmKep
yYXv7Lz6sswQOtyyQgX3uHFEuHM/DlXWY5zkBJl91UuxmJ+NVtLiiawgvZHCobur
CvapxGGcbO7+Iin7iJiLiS732xNqw7eqVoupkJ0JgEV4MxvuARlbZF1OjXj1V2M7
4oSXAvs9k2wNfWLbDFBd/psEpVUlU12hfljp6Fi22B2aTOaNFCe8lyj94tERPhZ/
2EBofSBEOyfE
=APX3
-----END PGP SIGNATURE-----

Attachment: pgp5TDhuCLu3U.pgp
Description: PGP signature


--- End Message ---
Reply to: