Your message dated Sun, 01 Oct 2023 12:17:08 +0000 with message-id <e1qmvnk-00gndh...@fasolo.debian.org> and subject line Bug#1043033: fixed in ghostscript 10.0.0~dfsg-11+deb12u2 has caused the Debian Bug report #1043033, regarding ghostscript: CVE-2023-38559 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1043033: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043033 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ghostscript Version: 10.01.2~dfsg-1 Severity: important Tags: security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706897 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 10.0.0~dfsg-11+deb12u1 Control: found -1 10.0.0~dfsg-11 Control: found -1 9.53.3~dfsg-7+deb11u5 Control: found -1 9.53.3~dfsg-7 Hi, The following vulnerability was published for ghostscript. CVE-2023-38559[0]: | A buffer overflow flaw was found in base/gdevdevn.c:1973 in | devn_pcx_write_rle() in ghostscript. This issue may allow a local | attacker to cause a denial of service via outputting a crafted PDF | file for a DEVN device with gs. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-38559 https://www.cve.org/CVERecord?id=CVE-2023-38559 [1] https://bugs.ghostscript.com/show_bug.cgi?id=706897 (private) [2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ghostscript Source-Version: 10.0.0~dfsg-11+deb12u2 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1043...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 29 Sep 2023 14:33:30 +0200 Source: ghostscript Architecture: source Version: 10.0.0~dfsg-11+deb12u2 Distribution: bookworm Urgency: medium Maintainer: Debian QA Group <packa...@qa.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1043033 Changes: ghostscript (10.0.0~dfsg-11+deb12u2) bookworm; urgency=medium . * Non-maintainer upload. * Copy pcx buffer overrun fix from devices/gdevpcx.c (CVE-2023-38559) (Closes: #1043033) * IJS device - try and secure the IJS server startup (CVE-2023-43115) Checksums-Sha1: a36dd604e265a585f35066817cd9fb6adb452ad8 3019 ghostscript_10.0.0~dfsg-11+deb12u2.dsc 7564abe828336f78229e65c2192fdfc71bb733a5 87996 ghostscript_10.0.0~dfsg-11+deb12u2.debian.tar.xz 28cc778cddc52864ce1475672159a88be1eccb12 7225 ghostscript_10.0.0~dfsg-11+deb12u2_source.buildinfo Checksums-Sha256: 8a42d9e7c037612cd0079f5a3727a8f6bae9c797354046273d8d38b7aedee323 3019 ghostscript_10.0.0~dfsg-11+deb12u2.dsc 9e84aaa85d25dd525e70724554f68b37011e68c85c2e54119beb414dcce70bf5 87996 ghostscript_10.0.0~dfsg-11+deb12u2.debian.tar.xz 1b059057afd237a2473a833530223337069189393db0ad65212065657d1c4419 7225 ghostscript_10.0.0~dfsg-11+deb12u2_source.buildinfo Files: 4c84a6f30c7c192c774312a9b4236108 3019 text optional ghostscript_10.0.0~dfsg-11+deb12u2.dsc a2b618cc53bdeef787d4c168fa764bb8 87996 text optional ghostscript_10.0.0~dfsg-11+deb12u2.debian.tar.xz 62f2b9ac9de0320e8c89743fb6a41a02 7225 text optional ghostscript_10.0.0~dfsg-11+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmUWxQ1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFk4P/jA8kDZqS6LKncDVnvPio3aEQftwSdML ws6jF2fgLjRX9vBrkpzz+4Zuhi7EZFP8j6cX6qP5unjl+yTlXYvQEgYEiuiuq/19 vcrL6PCVRKehJCs25PSzSglSNtyFq510NPDwuILFRfhaa7NTrwHzaLRDB58PVIRv pP4m3jmYVISuo0+rV6TGCHroQ+C9aM/zevhu0ntWBQ6mLi3Qa++4DyXGnmn9od+k nGuOZqiLSzGUdMNv12iUS+M5whUyPjucXZJnoFkatNAezL3B/VX/5m3yrTH3tLq5 UhmZ5yf7ip5U7UKOROVqRdloici6/6BGUGdV8jcZBTBSQhgHb3PdxtJrH0OpbXDd DMeeOE/jYOlkccvguuMFKbxk6yNOay163EDU3/HSaz7nK0/626WZgF5OSPYiUEOl /M4fT+S304X4A+HerEH0KfGefVrXgSY4iuUnIUSmJ9inzLNMlxGDbxqtvGuPrDAb TSEXTxrSIK8SVLwuMO8t/gzkW22/eGnSUxFdDdqSPdK3QIQEKQkgj2TVG8yZshG8 GVhKepxl7Jpwn79ruzq9KRv5udeU68KceJu3MQxV5oZE1WKIej6a3K3nhZE5Rf7J Sv/AzdtVFsOxpBh77rB10t6LpFWlZYmqGnDJhNMuk7JBaWN8g5oInFSRDnsPyKPX lamXTEauzlwH =syul -----END PGP SIGNATURE-----
--- End Message ---
