Hi
CVE-2013-6402 was now assigned to this issue.
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131128060624.ga31...@lorien.valinor.li
Package: hplip
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for hplip.
CVE-2013-6427[0]:
insecure auto update feature
SuSE decided to patch the update.py script to exit imediately, see [1]
for details. I have only verified that the hplip-data source
Architecture: source all amd64
Version: 3.13.11-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian HPIJS and HPLIP maintainers
pkg-hpijs-de...@lists.alioth.debian.org
Changed-By: Salvatore Bonaccorso car...@debian.org
Description:
hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
Source: hplip
Version: 3.14.6-1
Severity: important
Tags: security upstream
Hi,
See https://marc.info/?l=oss-securitym=143290483527532w=2 for the
issue found by Enrico Zini.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities Exposures) id in your
Source: ippusbxd
Version: 1.21.2-1
Severity: important
Tags: security upstream
Hi
While reviewing ippusbxd in Ubuntu it was found that ippusbxd allows
access to a connected USB printer via all configured network
addresses, see
https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644 and
Hey,
On Tue, Dec 15, 2015 at 07:56:54PM +0100, Samuel Thibault wrote:
> Giving some background for people who haven't had the whole story.
[...]
Since this is not directly releated to a security issue in
cups-filters, could you please drop t...@security.debian.org from
further replies? Would be
Hi Didier,
On Tue, Dec 15, 2015 at 11:48:19AM +0100, Didier 'OdyX' Raboud wrote:
> Hi Yann,
>
> Le lundi, 14 décembre 2015, 18.15:59 Yann Soubeyrand a écrit :
> > Attached is the upstream patch with proper DEP-3 headers.
> >
> > If you need help to prepare the packages for Jessie and Wheezy,
Hi Didier,
On Wed, Jan 20, 2016 at 08:29:29AM +0100, Didier 'OdyX' Raboud wrote:
> Le mardi, 19 janvier 2016, 00.38:02 Till Kamppeter a écrit :
> > On 01/14/2016 10:07 AM, Didier 'OdyX' Raboud wrote:
> > > Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit :
> > >> Hi,
> > >>
> > >> I
Control: tags -1 + fixed-upstream
Hi
According to https://bugs.ghostscript.com/show_bug.cgi?id=697457#c7
this is fixed in the git repository for jbig2dec.
Regards,
Salvatore
Control: notfound -1 9.06~dfsg-2
Control: notfound -1 9.20~dfsg-2
Hi
After some more investigation I suspect the issue actually was only
introduced with
http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
and indeed applying that commit on top of the sid
+++ ghostscript-9.20~dfsg/debian/changelog 2017-02-26 21:03:15.0
+0100
@@ -1,3 +1,11 @@
+ghostscript (9.20~dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Resolve image enumerator ownership on error (CVE-2017-6196)
+(Closes: #856142)
+
+ -- Salvatore Bonaccorso
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697179
Hi
See:
Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
Patch:
clone 839260 -1
retitle -1 ghostscript: .libfile doesn't check PermitFileReading array,
allowing remote file disclosure
forwarded -1 http://bugs.ghostscript.com/show_bug.cgi?id=697169
retitle 839260 ghostscript: various userparams allow %pipe% in paths, allowing
remote shell command execution
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream patch
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Hi
See:
Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
Patch:
Hi,
On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 26, 2016 at 11:09:54PM -0400, Roberto C. Sánchez wrote:
> > On Tue, Oct 25, 2016 at 09:54:01PM +0200, Salvatore Bonaccorso wrote:
> > > Hi Roberto
> > >
> > > Could you doub
Hi
On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote:
> > > On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> > > >
>
Hi Edgar,
On Thu, Oct 27, 2016 at 10:01:53AM +0200, Edgar Fuß wrote:
> The problem is line 2011 in
> /usr/share/ghostscript/9.05/Resource/Init/gs_init.ps:
> systemdict /getenv {pop //false} put
> change that to
> systemdict /getenv {pop //false} .forceput
> (gs-commits
Hi,
On Thu, Oct 27, 2016 at 12:53:56PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> > On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > > On Thu, Oct 27, 2016 at 06:31:43AM -0400,
Hi Francesco,
On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> > > Is your plan to release this a
On Thu, Oct 27, 2016 at 08:54:39PM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> > On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
> >
> > [...]
> > > On Thu, Oct 27, 2016 at 09:50:02AM -
Hi Roberto,
On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> Is your plan to release this as a -2 regression update to the previous
> DSA? I assume that is what you plan to do, but I wanted to confirm to
> be certain.
Yes exactly, that's the plan. I would still like to hear
Hi
I now have uploaded the version (see previously sent debdiff) to
security master and will release the regression update once all archs
have build the packages.
Regards,
Salvatore
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697203
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-8602[0]:
another type confusion bug
If
Control: affects -1 security.debian.org
Control: tags -1 + help
Hi Francesco,
On Thu, Oct 13, 2016 at 11:56:22PM +0200, Francesco Poli (wintermute) wrote:
> Package: libgs9
> Version: 9.06~dfsg-2+deb8u3
> Severity: grave
> Tags: security
> Justification: renders package unusable
>
> Hello!
>
>
Control: severity -1 serious
Rationale for severity increase: We ship DSA-3691-1 in jessie
containing the fix, and not having the security fix in stretch then
would be a regression.
Regards,
Salvatore
Hi Francesco,
On Fri, Oct 14, 2016 at 10:56:57PM +0200, Francesco Poli wrote:
> On Fri, 14 Oct 2016 06:47:47 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > Hi Francesco,
>
> Hello Salvatore, thanks for your fast reply!
>
> >
> > On Thu, Oct 13, 2016
Source: jbig2dec
Version: 0.13-3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for jbig2dec.
NOTE: Actually not much has been published yet. There is an upstream
bugreport at [1], so I opening this bug in the Debian BTS to help
tracking the issue.
hi Jonas
Thanks for fixing CVE-2017-7207 in unstable. Can you ask as well
release team for an unblock, so that the fix goes to stretch?
Btw, there was a wrong bug closer for this bug (using the upstream bug
number instead), thus closed this one manually.
Regards,
Salvatore
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: security patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10219[0]:
| The intersect function in base/gxfill.c in Artifex
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-5951[0]:
| The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7976[0]:
| Artifex jbig2dec 0.13 allows out-of-bounds
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697676
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-7207[0]:
| The mem_get_bits_rectangle function in Artifex Software,
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698158
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-11714[0]:
| psi/ztoken.c in Artifex Ghostscript 9.21
Source: ghostscript
Version: 9.21~dfsg-1
Severity: normal
Tags: security patch upstream
Hi,
the following vulnerabilities were published for ghostscript. Note,
I'm collecting those in one bug, because they are currently
unimportant for Debian as xps/ not used during build. But it would be
nice
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698056
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9727[0]:
| The gx_ttfReader__Read function in
Source: ghostscript
Version: 9.21~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697985
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9835[0]:
| The gs_alloc_ref_array function in
Source: ghostscript
Version: 9.06~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698063
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9739[0]:
| The Ins_JMPR function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698026
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9612[0]:
| The Ins_IP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698024
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9611[0]:
| The Ins_MIRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698055
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9726[0]:
| The Ins_MDRP function in base/ttinterp.c in
On Thu, Apr 27, 2017 at 07:03:05AM +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808
FTR, the bug has been restricted in meanwhile, but did contain a
reproducer to demonstrate the issue.
Regards,
Salvatore
SuSE has caputred the initial report including a reproducer to verify
the issue (and verify the fix upstream once landed there):
https://bugzilla.suse.com/show_bug.cgi?id=1036453
Regards,
Salvatore
Hi
Upstream commits are now available:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
Regards,
Salvatore
+ * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
+(Closes: #859666)
+ * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
+(Closes: #859662)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Fri, 28 Apr 2017 06:50:05 +0200
+
ghostscript (9.20~dfsg-3) unstable
Control: tags -1 + fixed-upstream
Hi
there is now a commit upstream for this issue:
Fixed in
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
Regards,
Salvatore
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:15:29AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
> Control: found -1 0.1
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:12:01AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
> Control: found -1 0.1
Package: ghostscript
Version: 9.20~dfsg-3.1
Severity: serious
Tags: patch security upstream fixed-upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697846
Hi
The update in unstable for ghostscript breaks pstoedit when using
DELAYBIND feature.
Details:
FTR, "reproducer"
$ pstoedit -f plot-svg foo.pdf foo.svg -dt -ssp -psarg -r9600x9600 -pta
Regards,
Salvatore
)
+(Closes: #860787)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Tue, 16 May 2017 20:08:21 +0200
+
jbig2dec (0.13-4) unstable; urgency=medium
* Add patches cherry-picked upstream to squash signed/unsigned
diff -Nru jbig2dec-0.13/debian/patches/020170426~5e57e48.patch jbig2dec-0.13/
Hi,
On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> Tavis Ormandy disclosed a new ghoscript security issue, leading directly to
> code
> execution: http://openwall.com/lists/oss-security/2018/08/21/2
There are actually several issues, see the whole thread. For now
Hi,
On Mon, Aug 27, 2018 at 08:34:25PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2018-08-26 21:55:14)
> > Hi,
> >
> > On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> > > Tavis Ormandy disclosed a new ghoscript se
Control: retitle -1 ghostscript: CVE-2018-16509
Hi
The full set for the now assigned CVE-2018-16509 is actually:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699671
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-16510[0]:
| An issue was discovered in
hi,
On Sat, Sep 08, 2018 at 10:52:36AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> > (which might require
> > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699670
Control: fixed -1 9.20~dfsg-3.2+deb9u4
Hi,
The following vulnerability was published for ghostscript.
Hi,
On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> (which might require
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3439399a5c
> as well).
Scratch that, thas is just a fix for a further issue, namely
CVE-2
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699663
Control: fixed -1 9.20~dfsg-3.2+deb9u3
Hi,
The following vulnerability was published for ghostscript.
=medium
+
+ * Non-maintainer upload.
+ * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
+(Closes: #860869)
+ * pdfwrite - Guard against trying to output an infinite number
+(CVE-2018-10194) (Closes: #896069)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Fri, 20 Apr 2018 12
Hi Jonas,
On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote:
> Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> > Control: tags 860869 + patch
> > Control: tags 860869 + pending
> > Control: tags 896069 + pending
> >
> > Dear maintainer,
> >
> > I've
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-10194[0]:
| The set_text_distance function in devices/vector/gdevpdts.c
Source: ghostscript
Version: 9.20~dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699963
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18284[0]:
1Policy operator gives access to .forceput
If you fix the
Source: ghostscript
Version: 9.22~dfsg-1
Severity: important
Tags: patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700023
Hi
In 9.22rc1 upstrean there was a regression introduced in 9.22rc1
causing that for instance all the papersize with define "LeadingEdge"
can't print
Hi Markus,
On Thu, Sep 27, 2018 at 10:33:06PM +0200, Markus Koschany wrote:
> Hi,
>
> I believe I have found the solution to this problem. Apparently they
> changed the underlying device for ps2ascii to txtwrite last year.
>
>
Hi Markus,
On Sat, Sep 29, 2018 at 03:06:04PM +0200, Markus Koschany wrote:
> I have tried some of those commits:
>
> http://git.ghostscript.com/?p=ghostpdl.git=search=HEAD=commit=txtwrite
>
> This one adds even more whitespace and moves the 1 character further to
> the right.
>
>
Hi,
Futher tests and comparisons make me confident that with
cc746214644deacd5233a1453ce660573af09443 needed the output of stretch
aligns to the one produced in unstable's ghostscript (9.25~dfsg-2).
There is still the output changes produces, which might impact
(build)-rdepends, so we might need
Source: ghostscript
Version: 9.20~dfsg-3.2+deb9u5
Severity: important
Tags: upstream
Control: found -1 9.25~dfsg-1~exp1
Control: found -1 9.25~dfsg-1
Control: affects -1 + security.debian.org
Control: affects -1 + release.debian.org
A user reported a further regression with ghostscript after the
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699927
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18073[0]:
saved execution stacks can leak operator arrays
If you fix the
Hi,
Further datapoint: This regressed already in the 9.20~dfsg-3.2+deb9u4
vesion, so its not going to be the same issue as #909929.
Unstable's version (9.25~dfsg-2) looks good as well.
Regards,
Salvatore
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-17961[0]:
ghostscript: bypassing executeonly to escape -dSAFER sandbox
If you fix the vulnerability
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Control: found -1 9.20~dfsg-1
There is one more followup fix needed:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=79cccf641486
https://bugs.ghostscript.com/show_bug.cgi?id=699654
Decoupling this
Hi
FTR, I tried to bisect the issue, by using commits between 9.20 and
9.21 upstream and applying on top each
fb713b3818b52d8a6cf62c951eba2e1795ff9624 . Due to a possibly unrelated
bug, some of the commits cause "empty" outputs, so I had to skip those
all. The resulting git bisect is
git bisect
Source: cups
Version: 2.2.9-4
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for cups.
CVE-2018-4700[0]:
Linux session cookies used a predictable random number seed
If you fix the vulnerability please also make sure to include the
CVE (Common
Source: ghostscript
Version: 9.26~dfsg-1
Severity: serious
Tags: patch upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700315
Control: found -1 9.26~dfsg-0+deb9u1
Control: affects -1 release.debian.org,security.debian.org
Hi
There is a regression
hi,
On Tue, Sep 18, 2018 at 09:58:10AM +0200, Mattia Rizzolo wrote:
> Package: ghostscript
> Version: 9.20~dfsg-3.2+deb9u5
> Severity: serious
> X-Debbugs-CC: t...@security.debian.org, Moritz Mühlenhoff ,
> reproducible-bui...@lists.alioth.debian.org
> Control: affects -1 diffoscope
>
> Dear
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3835[0]:
superexec operator is available
If you fix the
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700576
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3838[0]:
forceput in DefineResource is
Hi Paul,
On Mon, May 13, 2019 at 10:21:21PM +0200, Paul van der Vlis wrote:
> Package: ghostscript
> Version: 9.26a~dfsg-0+deb9u3
>
>
> After doing the Ghostscript upgrade from 9.26a~dfsg-0+deb9u2 to
> 9.26a~dfsg-0+deb9u3 cups did not print anymore at a customer PC.
> Downgrading the
reassign 928952 src:cups-filters
forcemerge 928936 928952
close 928936 1.21.6-5
close 928936 1.22.5-1
thanks
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
Filling for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.
09:49:11.0 +0200
@@ -1,3 +1,11 @@
+ghostscript (9.27~dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload (with maintainers approval).
+ * protect use of .forceput with executeonly (CVE-2019-10216)
+(Closes: #934638)
+
+ -- Salvatore Bonaccorso Tue, 13 Aug 2019 09:49:11
Source: ghostscript
Version: 9.27~dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=701394
Control: found -1 9.27~dfsg-2
Control: found -1 9.26a~dfsg-0+deb9u2
Control: found -1 9.26a~dfsg-0+deb9u3
Control: found
Source: cups
Version: 2.2.10-1
Severity: minor
Hi
There was confusion and typo on one CVE id for a CVE-2018-4300. See
https://github.com/apple/cups/issues/5561 for details (the CVE id was
later on as well fixed retrospectively upstream in NEWS/changelogs).
To avoid confusions, and if this fits
Source: ghostscript
Version: 9.50~dfsg-2
Severity: grave
Tags: security upstream
Control: found -1 9.26a~dfsg-0+deb9u5
Control: found -1 9.26a~dfsg-0+deb9u1
Control: found -1 9.27~dfsg-2+deb10u2
Control: found -1 9.27~dfsg-1
Control: found -1 9.27~dfsg-3.1
Control: fixed -1 9.26a~dfsg-0+deb9u6
Source: cups
Version: 2.3.0-7
Severity: important
Tags: security upstream
Control: found -1 2.2.10-6+deb10u1
Control: found -1 2.2.1-8+deb9u2
Control: found -1 2.2.1-8+deb9u4
Control: found -1 2.2.1-8
Hi,
The following vulnerability was published for cups.
CVE-2019-2228[0]:
| In array_find of
Hi Jonas,
On Mon, Nov 18, 2019 at 10:34:17PM +0100, Jonas Smedegaard wrote:
> Control: severity -1 important
>
> Quoting Salvatore Bonaccorso (2019-11-14 22:47:49)
> > Source: ghostscript
> > Version: 9.50~dfsg-2
> > Severity: grave
> > Tags: security upstream
&
Hi Jonas,
On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote:
> Hi Salvatore,
>
> Quoting Salvatore Bonaccorso (2021-09-09 19:20:08)
> > The following vulnerability was published for ghostscript.
> >
> > CVE-2021-3781[0].
>
> I have prepared a pac
Source: ghostscript
Version: 9.53.3~dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=704342
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for
Hi Jonas,
On Thu, Sep 09, 2021 at 09:16:22PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2021-09-09 20:43:30)
> > Hi Jonas,
> >
> > On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote:
> > > Hi Salvatore,
> > >
> > >
Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed
Source: jbig2dec
Version: 0.19-1
Severity: normal
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=707308
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jbig2dec.
CVE-2023-46361[0]:
| Artifex Software
Source: cups
Version: 2.4.1op1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.3.3op2-3+deb11u1
Control: found -1 2.3.3op2-3
Control: found -1 2.2.10-6+deb10u5
Control: found -1 2.2.10-6
Control: fixed -1 2.3.3op2-3+deb11u2
Source: ippsample
Version: 0.0~git20220607.72f89b3-1
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ippsample.
CVE-2023-28428[0]:
| PDFio is a C library for reading and writing PDF files. In
Source: cups
Version: 2.4.2-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2023-34241[0]:
| use-after-free in cupsdAcceptClient()
If you fix the vulnerability please also make sure to
Source: cpdb-libs
Version: 1.2.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cpdb-libs.
CVE-2023-34095[0]:
| cpdb-libs provides frontend and backend libraries for the Common
| Printing
Source: cups-filters
Version: 1.28.17-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2023-24805[0]:
| RCE in cups-filters, beh CUPS backend
If
97 matches
Mail list logo
