Package: ghostscript Severity: important Tags: security patch Hi,
the following vulnerability was published for ghostscript. CVE-2015-3228[0]: Integer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228 Please adjust the affected versions in the BTS as needed. All the versions in Debian are affected by the underlying problem in the memory allocation (see http://bugs.ghostscript.com/show_bug.cgi?id=696070) but experimental (9.15~rc1~dfsg-1) does not trigger the segfault due do other changes. You can reproduce the problem with this: $ wget http://bugs.ghostscript.com/attachment.cgi?id=11776 -O /tmp/test.ps $ ps2pdf /tmp/test.ps Segmentation fault The suggested patch is here: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859 Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org