
Bug#1033757: marked as done (ghostscript: CVE-2023-28879)



Your message dated Fri, 07 Apr 2023 10:02:10 +0000
with message-id <E1pkiv4-009DJL-C0@fasolo.debian.org>
and subject line Bug#1033757: fixed in ghostscript 9.53.3~dfsg-7+deb11u4
has caused the Debian Bug report #1033757,
regarding ghostscript: CVE-2023-28879
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033757
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 10.0.0~dfsg-9
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706494
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for ghostscript.

CVE-2023-28879[0]:
| In Artifex Ghostscript through 10.01.0, there is a buffer overflow
| leading to potential corruption of data internal to the PostScript
| interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode,
| TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte
| less than full, and one then tries to write an escaped character, two
| bytes are written.

I'm preparing an update for this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28879
    https://www.cve.org/CVERecord?id=CVE-2023-28879
[1] https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
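
The off-by-one described in the CVE text above, as an added C example; it is not Ghostscript's code from base/sbcp.c. The names `bcp_encode`, `needs_escape` and `demo`, the escape set, the 0x01 prefix with XOR 0x40, and the 4-byte buffer are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define CTRL_A 0x01 /* escape prefix (assumed BCP convention) */

/* Simplified escape set, assumed for this example. */
static int needs_escape(unsigned char c) {
    return c == 0x01 || c == 0x03 || c == 0x04 || c == 0x05 ||
           c == 0x11 || c == 0x13 || c == 0x14 || c == 0x1c;
}

/* Encode in[0..n) into the write buffer out[0..cap).
 * reserve_pair == 0 models the flawed check: one free byte counts as enough.
 * reserve_pair == 1 stops early so the caller can drain the buffer and resume.
 * Returns bytes written; *consumed receives the input bytes used. */
size_t bcp_encode(const unsigned char *in, size_t n, unsigned char *out,
                  size_t cap, int reserve_pair, size_t *consumed) {
    size_t r = 0, w = 0;
    while (r < n && w < cap) {
        unsigned char c = in[r];
        if (needs_escape(c)) {
            if (reserve_pair && cap - w < 2) break;
            out[w++] = CTRL_A;
            out[w++] = (unsigned char)(c ^ 0x40); /* out[cap] if w was cap-1 */
        } else {
            out[w++] = c;
        }
        r++;
    }
    *consumed = r;
    return w;
}

/* Constructed input: a 4-byte write buffer inside a 5-byte array, so the
 * stray byte lands in a guard slot (buf[4]) instead of undefined behaviour. */
size_t demo(int reserve_pair, size_t *consumed, unsigned char *guard) {
    const unsigned char in[] = { 'a', 'b', 'c', 0x04, 'd' };
    unsigned char buf[5] = { 0, 0, 0, 0, 0xEE };
    size_t w = bcp_encode(in, sizeof in, buf, 4, reserve_pair, consumed);
    *guard = buf[4];
    return w;
}

int main(void) {
    size_t used; unsigned char g;
    for (int fix = 0; fix <= 1; fix++) {
        size_t w = demo(fix, &used, &g);
        printf("reserve_pair=%d wrote=%zu guard=0x%02X\n", fix, w, (unsigned)g);
    }
    return 0;
}
```

With the pair reserved, the encoder leaves the last byte of the buffer unused and reports one fewer input byte consumed, so the caller resumes at the escaped character on the next pass.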
--- Begin Message ---
Source: ghostscript
Source-Version: 9.53.3~dfsg-7+deb11u4
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033757@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 03 Apr 2023 19:30:02 +0200
Source: ghostscript
Architecture: source
Version: 9.53.3~dfsg-7+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1033757
Changes:
 ghostscript (9.53.3~dfsg-7+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent buffer overrun in (T)BCP encoding (CVE-2023-28879)
     (Closes: #1033757)


--- End Message ---
