
Bug#583634: marked as done (evince: Insecure ghostscript invocation)



Your message dated Thu, 10 Jun 2010 12:47:32 +0000
with message-id <E1OMhAS-0002XT-M9@ries.debian.org>
and subject line Bug#583634: fixed in libspectre 0.2.6-1
has caused the Debian Bug report #583634,
regarding evince: Insecure ghostscript invocation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
583634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583634
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: evince
Version: 2.22.2-4~lenny1
Severity: grave
Tags: security
Justification: user security hole


Please see
  http://bugs.debian.org/583183
for details: evince seems to use ghostscript in an insecure way
when viewing PS files.

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages evince depends on:
ii  gconf2              2.22.0-1             GNOME configuration database syste
ii  gnome-icon-theme    2.22.0-1             GNOME Desktop icon theme
ii  libart-2.0-2        2.3.20-2             Library of functions for 2D graphi
ii  libatk1.0-0         1.22.0-1             The ATK accessibility toolkit
ii  libbonobo2-0        2.22.0-1             Bonobo CORBA interfaces library
ii  libbonoboui2-0      2.22.0-1             The Bonobo UI library
ii  libc6               2.7-18lenny2         GNU C Library: Shared libraries
ii  libcairo2           1.6.4-7              The Cairo 2D vector graphics libra
ii  libdbus-1-3         1.2.1-5+lenny1       simple interprocess messaging syst
ii  libdbus-glib-1-2    0.76-1               simple interprocess messaging syst
ii  libdjvulibre21      3.5.20-8+lenny1      Runtime support for the DjVu image
ii  libgcc1             1:4.3.2-1.1          GCC support library
ii  libgconf2-4         2.22.0-1             GNOME configuration database syste
ii  libglade2-0         1:2.6.2-1            library to load .glade files at ru
ii  libglib2.0-0        2.16.6-3             The GLib library of C routines
ii  libgnome-keyring0   2.22.3-2             GNOME keyring services library
ii  libgnome2-0         2.20.1.1-1           The GNOME 2 library - runtime file
ii  libgnomecanvas2-0   2.20.1.1-1           A powerful object-oriented display
ii  libgnomeui-0        2.20.1.1-2           The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0      1:2.22.0-5           GNOME Virtual File System (runtime
ii  libgtk2.0-0         2.12.12-1~lenny1     The GTK+ graphical user interface 
ii  libice6             2:1.0.4-1            X11 Inter-Client Exchange library
ii  libjpeg62           6b-14                The Independent JPEG Group's JPEG 
ii  libkpathsea4        2007.dfsg.2-4+lenny2 TeX Live: path search library for 
ii  libnautilus-extensi 2.20.0-7             libraries for nautilus components 
ii  liborbit2           1:2.14.13-0.1        libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0       1.20.5-5+lenny1      Layout and rendering of internatio
ii  libpoppler-glib3    0.8.7-3              PDF rendering library (GLib-based 
ii  libpopt0            1.14-4               lib for parsing cmdline parameters
ii  libsm6              2:1.0.3-2            X11 Session Management library
ii  libspectre1         0.2.0.ds-1           Library for rendering Postscript d
ii  libstdc++6          4.3.2-1.1            The GNU Standard C++ Library v3
ii  libtiff4            3.8.2-11.2           Tag Image File Format (TIFF) libra
ii  libx11-6            2:1.1.5-2            X11 client-side library
ii  libxml2             2.6.32.dfsg-5+lenny1 GNOME XML library
ii  shared-mime-info    0.30-2               FreeDesktop.org shared MIME databa
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

Versions of packages evince recommends:
ii  dbus-x11                  1.2.1-5+lenny1 simple interprocess messaging syst

Versions of packages evince suggests:
pn  poppler-data                  <none>     (no description available)
ii  unrar                         1:3.8.2-1  Unarchiver for .rar files (non-fre

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: libspectre
Source-Version: 0.2.6-1

We believe that the bug you reported is fixed in the latest version of
libspectre, which is due to be installed in the Debian FTP archive:

libspectre-dev_0.2.6-1_amd64.deb
  to main/libs/libspectre/libspectre-dev_0.2.6-1_amd64.deb
libspectre1-dbg_0.2.6-1_amd64.deb
  to main/libs/libspectre/libspectre1-dbg_0.2.6-1_amd64.deb
libspectre1_0.2.6-1_amd64.deb
  to main/libs/libspectre/libspectre1_0.2.6-1_amd64.deb
libspectre_0.2.6-1.diff.gz
  to main/libs/libspectre/libspectre_0.2.6-1.diff.gz
libspectre_0.2.6-1.dsc
  to main/libs/libspectre/libspectre_0.2.6-1.dsc
libspectre_0.2.6.orig.tar.gz
  to main/libs/libspectre/libspectre_0.2.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 583634@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Krap Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated libspectre package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jun 2010 14:34:08 +0200
Source: libspectre
Binary: libspectre1 libspectre1-dbg libspectre-dev
Architecture: source amd64
Version: 0.2.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Krap Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Krap Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 libspectre-dev - Library for rendering PostScript documents - development files
 libspectre1 - Library for rendering PostScript documents
 libspectre1-dbg - Debugging symbols for libspectre
Closes: 583634
Changes: 
 libspectre (0.2.6-1) unstable; urgency=low
 .
   [ Pino Toscano ]
   * New upstream release:
     + calls ghostscript in a more secure way. (Closes: #583634)
   * Set the source format to 1.0, for the moment.
   * Add "DM-Upload-Allowed: yes" in control.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Signed by Ana Guerrero

iEYEARECAAYFAkwQ3aQACgkQn3j4POjENGGwQACeIHTgGYEhN1WyidF9yulil/tw
FyEAn3e1jp+gBkYkBHHVX7BUkrOtRTyK
=2KlY
-----END PGP SIGNATURE-----



--- End Message ---
