Your message dated Wed, 12 Oct 2016 22:17:11 +0000
with message-id <e1burpn-0001t6...@franck.debian.org>
and subject line Bug#839845: fixed in ghostscript 9.06~dfsg-2+deb8u2
has caused the Debian Bug report #839845,
regarding ghostscript: CVE-2016-7978: reference leak in .setdevice allows 
use-after-free and remote code execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
839845: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697179

Hi

See:

Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
Patch: 
http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=d5ad1e02
CVE Request: http://www.openwall.com/lists/oss-security/2016/10/05/7

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u2

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 839...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ghostscript 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Oct 2016 13:30:08 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 839118 839260 839841 839845 839846
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.06~dfsg-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2013-5653: Information disclosure through getenv, filenameforall
     (Closes: #839118)
   * CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
     shell command execution (Closes: #839260)
   * CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
     remote file disclosure (Closes: #839841)
   * CVE-2016-7978: reference leak in .setdevice allows use-after-free and
     remote code execution (Closes: #839845)
   * CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
     execution (Closes: #839846)
Checksums-Sha1: 
 b588704da31bacdd39d8673723b000827468a5f9 3015 
ghostscript_9.06~dfsg-2+deb8u2.dsc
 67365aa74ac2a302e082dc6b2124662a3e08d686 96344 
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
 3fb2685b8fa3fa1714bf642ce73bf4aabe60e6f2 5067220 
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
 4eac087f729feaa9e3535d7e91d7c8516528bac7 1979836 
libgs9-common_9.06~dfsg-2+deb8u2_all.deb
Checksums-Sha256: 
 f74449c2025e1ca7f97da0f9d875bb00b19c65d8f35a2158f56aae10a455407e 3015 
ghostscript_9.06~dfsg-2+deb8u2.dsc
 e00a08abdf3e10cbb4a06c9758fc01fe7d5997c4a87c3e2e5ff32545dcec244e 96344 
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
 d33dd656712051f325116ccfc2932b8fc36473ef8bc376002384bb66825b7fde 5067220 
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
 011526d50434dfc45365cb08a319c15fa9f3738b4ffe58426b26b7a5f4cce9d7 1979836 
libgs9-common_9.06~dfsg-2+deb8u2_all.deb
Files: 
 deecd3c66493c1737b5956ff7fdacd5e 3015 text optional 
ghostscript_9.06~dfsg-2+deb8u2.dsc
 fcc27764c58d681a71cf82757b2b2e6c 96344 text optional 
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
 a26fa2eba469b8cbfcdf7c846dfc8082 5067220 doc optional 
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
 5d690f48416c022b1ca3c26e28fe4f26 1979836 libs optional 
libgs9-common_9.06~dfsg-2+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQKPBAEBCgB5BQJX+OKlXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRLdK
D/9Hb+2bm5pwwARX27BVpLXuUe8fREyHHp54buRYNWpS6sgNoy2tvPlutBwyh3vR
0BJojuPjLh69O2Z5pj1/6MXY1GjnzibWRGwrNuWeI64nNXN4XRAXIohizNjOpNsx
IC/3GaI+Wgy4wUl7vMWAQzfFAcU6MXnIAVRlSV+eG+T9VOxTFeR0poe5W1pAG4Sm
OQlnf/8Ytwwkjx59aChAOyEeiOY3qHEku8b+iwpijHsFHuflJy8MuZs/uVpVksiM
geHZYYRHfcj4C+2CDtk2ZyfadPP2S75tAw58furTAvWRf6d8jY/ZmGEK+nOApfBx
bnLD2L+GXxiVKAhDuQ/Ms5EYO5T7CuU/4uvMdK2abXVT4PKzXhxEXHJfrvBN+oEr
Z7ynDZB6NVM4E8saPfG+A31Rt/fp9KNALg95W74GEKtkUhiy2h6sScyHHW7TUlhX
M7Zv/95dZ/MrDZgYZX9zbffZpQLnaQH6s03w0bHIPwmssaMdUV7tSJdsg41bewmj
Yk+7QD33eJcfsF7t5759fVEFtJGFPPOi3xtNlNX13smby2WyYTFutwJltoRdygrL
ElKyfuoRZTE1m6YFaIt39SjcD03xBS4Zz8hwLyfY4EfLqWhd0ThRaYTaidhL/uUI
NHRbv8Gm+MqBFABiNHF809zFhAhyPDECs6ZcADuYQ4Ta6Q==
=XQEM
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to