[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1109270: marked as done (ghostscript: CVE-2025-7462)

Your message dated Sun, 19 Oct 2025 13:21:51 +0000
with message-id <E1vATM7-0008fo-1r@fasolo.debian.org>
and subject line Bug#1109270: fixed in ghostscript 10.0.0~dfsg-11+deb12u8
has caused the Debian Bug report #1109270,
regarding ghostscript: CVE-2025-7462
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1109270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109270
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: ghostscript
Version: 10.05.1~dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for ghostscript.

CVE-2025-7462[0]:
| A vulnerability was found in Artifex GhostPDL up to
| 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as
| problematic. This affects the function pdf_ferror of the file
| devices/vector/gdevpdf.c of the component New Output File Open Error
| Handler. The manipulation leads to null pointer dereference. It is
| possible to initiate the attack remotely. The identifier of the
| patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended
| to apply a patch to fix this issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-7462
    https://www.cve.org/CVERecord?id=CVE-2025-7462
[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4abed95110f84d5efcd7aee38c7cb

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: ghostscript
Source-Version: 10.0.0~dfsg-11+deb12u8
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109270@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Oct 2025 10:11:09 +0200
Source: ghostscript
Architecture: source
Version: 10.0.0~dfsg-11+deb12u8
Distribution: bookworm-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1109270 1116443 1116444
Changes:
 ghostscript (10.0.0~dfsg-11+deb12u8) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Catch a null file pointer closing pdfwrite (CVE-2025-7462)
     (Closes: #1109270)
   * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443)
   * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444)
Checksums-Sha1:
 45f71a36b85cf3e2c3fadf6257b589b452620e38 3022 ghostscript_10.0.0~dfsg-11+deb12u8.dsc
 6122612421398161c7a1dd6704456838905acb0e 110332 ghostscript_10.0.0~dfsg-11+deb12u8.debian.tar.xz
 1a061d58cfe9e2d31e01a7f49b6a26321d78a8f1 6435 ghostscript_10.0.0~dfsg-11+deb12u8_source.buildinfo
Checksums-Sha256:
 8cb8f619dffe09825e56014b9fc34381ba9fa75048b11b00a275abeaf9785cd4 3022 ghostscript_10.0.0~dfsg-11+deb12u8.dsc
 94f131ca44c0c0a9379cb8ad2841b98e15f0bf2a0c157b1fd11f8dbefefe6399 110332 ghostscript_10.0.0~dfsg-11+deb12u8.debian.tar.xz
 06ef574b3180cb0711d12fcf38df0bd8edd8394f67243b89a416301415ea2b93 6435 ghostscript_10.0.0~dfsg-11+deb12u8_source.buildinfo
Files:
 b920842fa2d4d4247cf32ae2c4d0478e 3022 text optional ghostscript_10.0.0~dfsg-11+deb12u8.dsc
 1f17de20dc37263ce870ebd9335f1705 110332 text optional ghostscript_10.0.0~dfsg-11+deb12u8.debian.tar.xz
 e198ebd9718106f795e9c9b17f3f88bb 6435 text optional ghostscript_10.0.0~dfsg-11+deb12u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmjiTfhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EuIAP/3+9iCK6U9n+4zddkS82QIlX6LX6P6cJ
t58YBi5NwQda/US6xqoo+1/0r4DnKgqgICsqTNfHxn7T8v2mF5GXpGPAGAbx4Ox2
5NFzqCGrP4XErv4q00E3lJBak+HVH998FI2qFGwmgui7cbTrl9q8gwIIlsXIDAFY
Kw2UyN5wO2XzcdI/0j2e3p/vehQEmJ308TPRwdZ+MwkiaJ/Xk6xuL0fL7HnVJtB7
p3TwD7vSpoli23DWjus6+IdpLdvTZ0Jm2UJhUq0GMQHGWR5mHs5jUYAtODWVRvom
PjHwyYvI115UlbBn02aFkeLLLXX7HKxadCkuwzSU5JnXISBmvdR3PTjgbWplc1hu
p4etZPOQWcY7R1IeKpdigjHaK7IF1O+1NVBZfwEUowYztoXuhWVslNeVYchGjEHg
Yi/tjJ7Erb1Q1fzKTsm0qBqSOkJihCg2D+BHjGR8SjjZEswGUhYoAkmNOZVpytBV
IXP2ixcBabkdOqBoDGQyxA4vmSVOPnOYfxe99LuMa6CtEZCNOGLMUA5AvmA8oykx
8FxTOGqmx7m+ed0C8sPJ8XlFiO66buZVP8sCRNIrW1GWe5L+aCrLoaCbuvPTSe/u
ozeQvzL22I7iu3WfWSHSyu503N9V5aYXKb1zfMq81wo2iD5Z+kSC8Ul1tkS3s9Ub
1EF9areWh9Ul
=7gNI
-----END PGP SIGNATURE-----

Attachment: pgp5bxjkbSdR3.pgp
Description: PGP signature


--- End Message ---
Reply to: