Bug#859132: marked as done (unblock: ghostscript/9.20~dfsg-3)

Debian Bug Tracking System Thu, 30 Mar 2017 12:15:32 -0700

Your message dated Thu, 30 Mar 2017 19:09:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#859132: unblock: ghostscript/9.20~dfsg-3
has caused the Debian Bug report #859132,
regarding unblock: ghostscript/9.20~dfsg-3
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
859132: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859132
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Hi

Please unblock package ghostscript

The recent upload to unstable of ghostscript fixed CVE-2017-7207, a
NULL pointer dereference vulnerability in mem_get_bits_rectangle
function.

https://security-tracker.debian.org/tracker/CVE-2017-7207

Tracked as #858350 in the BTS (note the changelog did mistyped and
actually referenced the upstream bugzilla bugnumber, but apart the
typo the bug is closed).

unblock ghostscript/9.20~dfsg-3

Regards,
Salvatore

diff -Nru ghostscript-9.20~dfsg/debian/changelog 
ghostscript-9.20~dfsg/debian/changelog
--- ghostscript-9.20~dfsg/debian/changelog      2017-01-25 05:26:10.000000000 
+0100
+++ ghostscript-9.20~dfsg/debian/changelog      2017-03-21 17:20:00.000000000 
+0100
@@ -1,3 +1,10 @@
+ghostscript (9.20~dfsg-3) unstable; urgency=medium
+
+  * Fix NULL pointer dereference in mem_get_bits_rectangle().
+    Closes: Bug#697676 (CVE-2017-7207). Thanks to Salvatore Bonaccorso.
+
+ -- Jonas Smedegaard <[email protected]>  Tue, 21 Mar 2017 17:20:00 +0100
+
 ghostscript (9.20~dfsg-2) unstable; urgency=medium
 
   * Add patch cherry-picked upstream to always print full PWG Raster
diff -Nru ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch 
ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch
--- ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch        
1970-01-01 01:00:00.000000000 +0100
+++ ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch        
2017-03-21 17:18:22.000000000 +0100
@@ -0,0 +1,29 @@
+Description: Fix NULL pointer dereference in mem_get_bits_rectangle()
+ Ensure a device has raster memory, before trying to read it.
+ .
+ This is only possible by abusing/mis-using Ghostscript-specific
+ language extensions, so cannot happen in a general PostScript program.
+ .
+ Nevertheless, Ghostscript should not crash. So this commit checks the
+ memory device to see if raster memory has been allocated, before trying
+ to read from it.
+Origin: backport, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=309eca4
+Author: Ken Sharp <[email protected]>
+Bug: http://bugs.ghostscript.com/show_bug.cgi?id=697676
+Bug-Debian: https://bugs.debian.org/858350
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2017-7207
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207
+Forwarded: yes
+Last-Update: 2017-03-21
+
+--- a/base/gdevmem.c
++++ b/base/gdevmem.c
+@@ -605,6 +605,8 @@
+             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
+         return_error(gs_error_rangecheck);
+     }
++    if (mdev->line_ptrs == 0x00)
++        return_error(gs_error_rangecheck);
+     if ((w <= 0) | (h <= 0)) {
+         if ((w | h) < 0)
+             return_error(gs_error_rangecheck);
diff -Nru ghostscript-9.20~dfsg/debian/patches/series 
ghostscript-9.20~dfsg/debian/patches/series
--- ghostscript-9.20~dfsg/debian/patches/series 2017-01-25 05:04:25.000000000 
+0100
+++ ghostscript-9.20~dfsg/debian/patches/series 2017-03-21 17:14:17.000000000 
+0100
@@ -6,6 +6,7 @@
 020161005~875a009.patch
 020161008~f5c7555.patch
 020161026~0726780.patch
+020170317~309eca4.patch
 1001_fix_openjp2_dynamic_linking.patch
 2001_docdir_fix_for_debian.patch
 2002_gs_man_fix_debian.patch

--- End Message ---

--- Begin Message ---

Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> 
> Hi
> 
> Please unblock package ghostscript
> 
> The recent upload to unstable of ghostscript fixed CVE-2017-7207, a
> NULL pointer dereference vulnerability in mem_get_bits_rectangle
> function.
> 
> https://security-tracker.debian.org/tracker/CVE-2017-7207
> 
> Tracked as #858350 in the BTS (note the changelog did mistyped and
> actually referenced the upstream bugzilla bugnumber, but apart the
> typo the bug is closed).
> 
> unblock ghostscript/9.20~dfsg-3
> 
> Regards,
> Salvatore
> 

Unblocked, thanks.

~Niels

--- End Message ---

Bug#859132: marked as done (unblock: ghostscript/9.20~dfsg-3)

Reply via email to