Launchpad has imported 30 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=208999.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-02-05T13:58:41+00:00 rbu wrote: Stack-based buffer overflow in the zseticcspace() function in zicc.c, will result in arbitrary code execution. Currently under embargo, awaiting upstream patch. The $URL is private. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/1 ------------------------------------------------------------------------ On 2008-02-14T02:28:20+00:00 rbu wrote: Tom and Stefan, can you please create an ebuild with the patch applied and attach it to this bug. Do not commit anything to CVS yet as long as this bug is under embargo. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/3 ------------------------------------------------------------------------ On 2008-02-14T02:28:50+00:00 rbu wrote: Created attachment 143467 ghostscript-8.60-CVE-2008-0411.diff Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/4 ------------------------------------------------------------------------ On 2008-02-24T11:17:28+00:00 rbu wrote: Tom and Stefan, can you please prepare an ebuild so we can test this before Feb. 27? Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/5 ------------------------------------------------------------------------ On 2008-02-25T07:32:37+00:00 pva wrote: Created attachment 144554 ghostscript-gnu-8.60.0-r1.ebuild.patch I'll attach patch's for maintainer and others review. This one is for ghostscript-gnu. Other ghostscript packages will follow as soon as I test them... Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/6 ------------------------------------------------------------------------ On 2008-02-25T08:57:02+00:00 pva wrote: Created attachment 144560 ghostscript-esp-8.15.4.ebuild.patch Patch for ghostscript-esp. Includes lot's of quotations fixes. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/7 ------------------------------------------------------------------------ On 2008-02-25T09:00:50+00:00 pva wrote: Created attachment 144561 ghostscript-gpl-8.61-r2.ebuild.patch And this is patch for ghostscript-gpl. But note during commit patch itself should go into ghostscript-gpl-8.61-patchset-4.tar.bz2. So this patch is for testing purposes only. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/8 ------------------------------------------------------------------------ On 2008-02-25T16:05:59+00:00 rbu wrote: Arch Security Liaisons, please test the attached ebuilds and report stable on this bug. =app-text/ghostscript-esp-8.15.4-r1 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" =app-text/ghostscript-gnu-8.60.0-r2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" =app-text/ghostscript-gpl-8.61-r3 Target keywords : "ppc64 release" CC'ing current Liaisons: alpha : ferdy amd64 : welp hppa : jer ppc : dertobi123 ppc64 : corsair release : pva sparc : fmccor x86 : opfer Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/9 ------------------------------------------------------------------------ On 2008-02-25T16:06:53+00:00 rbu wrote: Oh, and thanks Peter for preparing the ebuilds and doing some QA on the existing ones. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/10 ------------------------------------------------------------------------ On 2008-02-25T17:47:34+00:00 jer wrote: Both are good for HPPA. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/11 ------------------------------------------------------------------------ On 2008-02-25T17:51:23+00:00 fauli wrote: (In reply to comment #7) > Arch Security Liaisons, please test the attached ebuilds and report stable on > this bug. There is something wrong with the keywords: > =app-text/ghostscript-gpl-8.61-r3 > Target keywords : "ppc64 release" Especially this one. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/12 ------------------------------------------------------------------------ On 2008-02-25T17:55:49+00:00 jer wrote: (In reply to comment #10) > (In reply to comment #7) > > Arch Security Liaisons, please test the attached ebuilds and report stable > > on > > this bug. > > There is something wrong with the keywords: > > =app-text/ghostscript-gpl-8.61-r3 > > Target keywords : "ppc64 release" > > Especially this one. Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the future and this bug doesn't have an attachment that patches a ghostscript-esp ebuild. Also odd is that patch to a few ebuilds were posted instead of the new ebuilds themselves as is common practice. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/13 ------------------------------------------------------------------------ On 2008-02-25T17:58:24+00:00 fauli wrote: (In reply to comment #11) > (In reply to comment #10) > > (In reply to comment #7) > > > Arch Security Liaisons, please test the attached ebuilds and report > > > stable on > > > this bug. > > > > There is something wrong with the keywords: > > > =app-text/ghostscript-gpl-8.61-r3 > > > Target keywords : "ppc64 release" > > > > Especially this one. > > Not just that - AFAIK ghostscript-esp is getting dropped somewhere in the > future and this bug doesn't have an attachment that patches a ghostscript-esp > ebuild. It does. See comment #5. > Also odd is that patch to a few ebuilds were posted instead of the new ebuilds > themselves as is common practice. Not that bad. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/14 ------------------------------------------------------------------------ On 2008-02-25T18:03:07+00:00 rbu wrote: (In reply to comment #10) > There is something wrong with the keywords: Yes, sorry. I mixed up gpl and gnu. =app-text/ghostscript-esp-8.15.4-r1 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" =app-text/ghostscript-gnu-8.60.0-r2 Target keywords : "ppc64 release" =app-text/ghostscript-gpl-8.61-r3 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86" Reply at: https://bugs.launchpad.net/ubuntu/+source/gs-gpl/+bug/196397/comments/15 ------------------------------------------------------------------------ On 2008-02-25T18:09:57+00:00 fauli wrote: Ok...-gpl and -esp fine on x86, they survived my stress test with different things on a really huge PostScript file. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/16 ------------------------------------------------------------------------ On 2008-02-25T18:15:39+00:00 jer wrote: (In reply to comment #12) > It does. See comment #5. Ow, missed that. Sorry. > > Also odd is that patch to a few ebuilds were posted instead of the new > > ebuilds > > themselves as is common practice. > > Not that bad. It's bad when you require seven people to download and apply three patches individually - it's one more step to perform in testing each of the ebuilds. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/17 ------------------------------------------------------------------------ On 2008-02-25T18:28:03+00:00 pva wrote: Jeroen I didn't knew that and will do next time. Right now I've downloaded 5 patches for shorewall* packages and believe me - patches are not so hard to use ;) Just 2-3 additional commands but they worth it as patch greatly simplify review. If that's necessary I can attach full ebuilds now. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/18 ------------------------------------------------------------------------ On 2008-02-26T04:22:32+00:00 jer wrote: ghostscript-esp is good for HPPA too. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/19 ------------------------------------------------------------------------ On 2008-02-26T19:55:47+00:00 dertobi123 wrote: looks good on ppc ... Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/20 ------------------------------------------------------------------------ On 2008-02-28T08:33:09+00:00 corsair wrote: looks good on ppc64, too. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/24 ------------------------------------------------------------------------ On 2008-02-28T21:13:30+00:00 fmccor wrote: ghostscript-gpl-8.61.r2 is good on sparc; the others look good on sparc. I also thought ghostscript-esp was either dying or dead, but it does look good. Why are we keeping it around? Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/25 ------------------------------------------------------------------------ On 2008-02-28T21:51:44+00:00 welp wrote: Looks good for amd64 too. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/27 ------------------------------------------------------------------------ On 2008-02-29T08:54:28+00:00 rbu wrote: This is public now. Peter/Printing, can you commit this to the tree with the stable keywords mentioned here. I can re-cc the missing arches. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/28 ------------------------------------------------------------------------ On 2008-02-29T12:22:14+00:00 pva wrote: Commited in the tree. Target keywords left: =app-text/ghostscript-esp-8.15.4-r1: "release, alpha, arm, ia64, m68k, mips, s390, sh" =app-text/ghostscript-gpl-8.61-r3: "release, alpha, arm, ia64, m68k, sh" Seems that the only reason to keep app-text/ghostscript-esp in the tree is that mips, s390 and sh still have not keyworded/stabilized app- text/ghostscript-{gpl,gnu}. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/29 ------------------------------------------------------------------------ On 2008-03-01T20:21:17+00:00 armin76 wrote: alpha/ia64 stable, Robert, i think i told you to cc me on restricted bugs, i hate you now! :P Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/30 ------------------------------------------------------------------------ On 2008-03-01T22:18:18+00:00 rhill wrote: mips is going all ~arch. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/31 ------------------------------------------------------------------------ On 2008-03-02T08:32:11+00:00 pva wrote: Fixed in release snapshot. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/32 ------------------------------------------------------------------------ On 2008-03-02T15:26:05+00:00 jaervosz wrote: Seems ready for GLSA. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/33 ------------------------------------------------------------------------ On 2008-03-04T21:08:21+00:00 tgurr wrote: Just a note: I committed ghostscript-gpl-8.62 to the tree a few minutes ago which had the fix applied upstream. Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/35 ------------------------------------------------------------------------ On 2008-03-08T18:30:41+00:00 py wrote: GLSA 200803-14 Reply at: https://bugs.launchpad.net/ubuntu/+source/gs- gpl/+bug/196397/comments/37 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to ghostscript in Ubuntu. https://bugs.launchpad.net/bugs/196397 Title: [ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code Status in GS-GPL: Fix Released Status in ghostscript package in Ubuntu: Fix Released Status in gs-esp package in Ubuntu: Invalid Status in gs-gpl package in Ubuntu: Invalid Status in ghostscript source package in Dapper: Invalid Status in gs-esp source package in Dapper: Fix Released Status in gs-gpl source package in Dapper: Fix Released Status in ghostscript source package in Edgy: Invalid Status in gs-esp source package in Edgy: Fix Released Status in gs-gpl source package in Edgy: Fix Released Status in ghostscript source package in Feisty: Invalid Status in gs-esp source package in Feisty: Fix Released Status in gs-gpl source package in Feisty: Fix Released Status in ghostscript source package in Gutsy: Fix Released Status in gs-esp source package in Gutsy: Invalid Status in gs-gpl source package in Gutsy: Invalid Status in ghostscript package in Debian: Fix Released Status in ghostscript package in Fedora: Fix Released Status in ghostscript package in Gentoo Linux: Fix Released Status in ghostscript package in Mandriva: Unknown Bug description: Binary package hint: gs-gpl References: DSA-1510-1 (http://www.debian.org/security/2008/dsa-1510) Quoting: "Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file." To manage notifications about this bug go to: https://bugs.launchpad.net/gs-gpl/+bug/196397/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
