Your message dated Sat, 01 Mar 2008 11:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#468190: fixed in ghostscript 8.61.dfsg.1-1.1
has caused the Debian Bug report #468190,
regarding ghostscript: CVE-2008-0411 buffer overflow via crafted .ps file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
468190: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468190
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ghostscript
Version: 8.61.dfsg.1-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript.

CVE-2008-0411[0]:
| This advisory notes a stack-based buffer overflow in the zseticcspace()
| function in zicc.c. The issue is over-trust of the length of a postscript 
array
| which an attacker can set to an arbitrary length. One slight amusement is that
| the overflowed type is "float", leading to machine code -> float conversion in
| any exploit.

Mitre has not yet put any vulnerability text on their website.
In the meantime you can get a verbose description on:
http://scary.beasts.org/security/ea9fde3e0e58b7b6/CESA-2008-001.html

A patch is attached.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- src/zicc.c
+++ src/zicc.c	2008-02-05 16:11:59.000000000 +0000
@@ -77,6 +77,9 @@ zseticcspace(i_ctx_t * i_ctx_p)
     dict_find_string(op, "N", &pnval);
     ncomps = pnval->value.intval;
 
+    if (2*ncomps > sizeof(range_buff)/sizeof(float))
+	return_error(e_rangecheck);
+
     /* verify the DataSource entry */
     if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
         return_error(e_undefined);

Attachment: pgpurQMIz2Xo7.pgp
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 8.61.dfsg.1-1.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:

ghostscript-doc_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/ghostscript-doc_8.61.dfsg.1-1.1_all.deb
ghostscript-x_8.61.dfsg.1-1.1_i386.deb
  to pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1.1_i386.deb
ghostscript_8.61.dfsg.1-1.1.diff.gz
  to pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1.1.diff.gz
ghostscript_8.61.dfsg.1-1.1.dsc
  to pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1.1.dsc
ghostscript_8.61.dfsg.1-1.1_i386.deb
  to pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1.1_i386.deb
gs-aladdin_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/gs-aladdin_8.61.dfsg.1-1.1_all.deb
gs-common_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/gs-common_8.61.dfsg.1-1.1_all.deb
gs-esp_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/gs-esp_8.61.dfsg.1-1.1_all.deb
gs-gpl_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/gs-gpl_8.61.dfsg.1-1.1_all.deb
gs_8.61.dfsg.1-1.1_all.deb
  to pool/main/g/ghostscript/gs_8.61.dfsg.1-1.1_all.deb
libgs-dev_8.61.dfsg.1-1.1_i386.deb
  to pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1.1_i386.deb
libgs8_8.61.dfsg.1-1.1_i386.deb
  to pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 01 Mar 2008 11:18:27 +0100
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x 
ghostscript-doc libgs8 libgs-dev
Architecture: source all i386
Version: 8.61.dfsg.1-1.1
Distribution: unstable
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - 
Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display 
suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Transitional package
 gs-esp     - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Closes: 468190
Changes: 
 ghostscript (8.61.dfsg.1-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * Fix stack based buffer overflow in the zseticcspace() function possibly
     leading to arbitrary code exeuction via a crafted ps file.
     (31_CVE-2008-0411.dpatch; Closes: #468190).
   * Adjusting libgs shlibs file to match the new version number.
Files: 
 4b13d5e051399481cc4f627a8e9a5e00 1075 text optional 
ghostscript_8.61.dfsg.1-1.1.dsc
 facf21877c387072d6c3a2942403b8c9 100431 text optional 
ghostscript_8.61.dfsg.1-1.1.diff.gz
 06a4fba09a1ad3466271c7730c9049d8 26318 text extra gs_8.61.dfsg.1-1.1_all.deb
 deda1d324e052b036389be84920ed323 26320 text extra 
gs-esp_8.61.dfsg.1-1.1_all.deb
 aa6a52b47b97b16cc109ca3aff0a7bbd 26318 text extra 
gs-gpl_8.61.dfsg.1-1.1_all.deb
 e5ceb8c4993e3ea9a0123141dc3a6809 26320 text extra 
gs-aladdin_8.61.dfsg.1-1.1_all.deb
 cf5e7d220594453bf2208bd48d288b40 26326 text extra 
gs-common_8.61.dfsg.1-1.1_all.deb
 5b8795861c2c1c3f58064f16ccd1eda3 2757942 doc optional 
ghostscript-doc_8.61.dfsg.1-1.1_all.deb
 2ca343539641651e42c04f6b9cb13edd 794260 text optional 
ghostscript_8.61.dfsg.1-1.1_i386.deb
 164952e1c8d85ca58cff776e893d69c9 58582 text optional 
ghostscript-x_8.61.dfsg.1-1.1_i386.deb
 ccdf6e61e0ce1ef563d0fd30f3dcd0e8 2193984 libs optional 
libgs8_8.61.dfsg.1-1.1_i386.deb
 a66592348519a92715d1c103872dd5c0 35042 libdevel optional 
libgs-dev_8.61.dfsg.1-1.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHyTWTHYflSXNkfP8RAqMEAJoCrC8YH6kqlKzWBG32QyXfKbQ5xQCfVkqm
eTg0nRXN5GXVRyHN4QHgksA=
=rZKj
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to