Bug#840451: marked as done (ghostscript: CVE-2016-8602)
Your message dated Fri, 28 Oct 2016 18:20:44 +
with message-id
and subject line Bug#840451: fixed in ghostscript 9.19~dfsg-3.1
has caused the Debian Bug report #840451,
regarding ghostscript: CVE-2016-8602
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
840451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697203

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-8602[0]:
another type confusion bug

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8602
[1] http://bugs.ghostscript.com/show_bug.cgi?id=697203
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: ghostscript
Source-Version: 9.19~dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 840...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 13:25:52 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.19~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team
Changed-By: Salvatore Bonaccorso
Closes: 839118 839260 839841 839845 839846 840451
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.19~dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2013-5653: Information disclosure through getenv, filenameforall
     (Closes: #839118)
   * CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
     shell command execution (Closes: #839260)
   * CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
     remote file disclosure (Closes: #839841)
   * CVE-2016-7978: reference leak in .setdevice allows use-after-free and
     remote code execution (Closes: #839845)
   * CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
     execution (Closes: #839846)
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)
   * Add 840691-Fix-.locksafe.patch patch.
     Fixes regression seen with zathura and evince. Fix .locksafe. We need to
     .forceput the definition of getenv into systemdict.
     Thanks to Edgar Fuß

Bug#840451: marked as done (ghostscript: CVE-2016-8602)
Your message dated Wed, 12 Oct 2016 22:17:31 +
with message-id
and subject line Bug#840451: fixed in ghostscript 9.06~dfsg-2+deb8u3
has caused the Debian Bug report #840451,
regarding ghostscript: CVE-2016-8602
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
840451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697203

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-8602[0]:
another type confusion bug

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8602
[1] http://bugs.ghostscript.com/show_bug.cgi?id=697203
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78

Regards,
Salvatore
--- End Message ---

--- Begin Message ---
Source: ghostscript
Source-Version: 9.06~dfsg-2+deb8u3

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 840...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 11 Oct 2016 19:35:21 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team
Changed-By: Salvatore Bonaccorso
Closes: 840451
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.06~dfsg-2+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)