Bug#1124297: ghostscript: OPVP device crash due to CVE backport, patch available

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1124297: ghostscript: OPVP device crash due to CVE backport, patch available
From: ValdikSS <iam@valdikss.org.ru>
Date: Tue, 30 Dec 2025 10:17:24 +0300
Message-id: <[🔎] c420ec4b-c667-455a-a0cb-9f3c593336e2@valdikss.org.ru>
Reply-to: ValdikSS <iam@valdikss.org.ru>, 1124297@bugs.debian.org

Package: ghostscript
Version: 10.0.0~dfsg-11+deb12u8
Severity: normal
Tags: patch upstream
X-Debbugs-Cc: iam@valdikss.org.ru, team@security.debian.org

Dear Maintainer,

CVE-2024-33871 fix
https://security-tracker.debian.org/tracker/CVE-2024-33871
introduced regression which causes OPVP Canon CAPT
libcanonc3pl.so proprietary driver to crash.

This is a known upstream issue which has been fixed in commit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b721bd1d9f1d2e9d2a0c2e9dbbb125ec658b2dcf

Please pick this patch into Debian 12 GhostScript.
The issue is nonexistent on Debian 13.

-- System Information:
Debian Release: 12.12
  APT prefers oldstable-updates

APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),(500, 'oldstable')

Architecture: i386 (x86_64)

Kernel: Linux 6.17.12-300.fc43.x86_64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages ghostscript depends on:
ii  libc6    2.36-9+deb12u13
ii  libgs10  10.0.0~dfsg-11+deb12u8

ghostscript recommends no packages.

ghostscript suggests no packages.

-- no debconf information

Reply to:

Prev by Date: Processed: notpending
Next by Date: Processed: closing 1124297
Previous by thread: Processed: notpending
Next by thread: Processed: closing 1124297
Index(es):
- Date
- Thread