Your message dated Sat, 23 Jan 2010 15:42:01 +0000
with message-id <[email protected]>
and subject line Bug#562643: fixed in ghostscript 8.70~dfsg-2.1
has caused the Debian Bug report #562643,
regarding CVE-2009-4270: Stack-based buffer overflow in the errprintf function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
562643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562643
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ghostscript
Version: 8.70~dfsg-2
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript.
CVE-2009-4270[0]:
| Stack-based buffer overflow in the errprintf function in base/gsmisc.c
| in ghostscript 8.64 through 8.70 allows remote attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted PDF file, as originally reported for debug logging code in
| gdevcups.c in the CUPS output driver.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270
http://security-tracker.debian.org/tracker/CVE-2009-4270
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAks2UncACgkQNxpp46476aqmhQCfZqFp5DcZ+MCssaojRwCoOouL
ywAAnj1EEYZDyd25UqAL391PEpxUnHLR
=pecB
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 8.70~dfsg-2.1
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:
ghostscript-cups_8.70~dfsg-2.1_amd64.deb
to main/g/ghostscript/ghostscript-cups_8.70~dfsg-2.1_amd64.deb
ghostscript-doc_8.70~dfsg-2.1_all.deb
to main/g/ghostscript/ghostscript-doc_8.70~dfsg-2.1_all.deb
ghostscript-x_8.70~dfsg-2.1_amd64.deb
to main/g/ghostscript/ghostscript-x_8.70~dfsg-2.1_amd64.deb
ghostscript_8.70~dfsg-2.1.diff.gz
to main/g/ghostscript/ghostscript_8.70~dfsg-2.1.diff.gz
ghostscript_8.70~dfsg-2.1.dsc
to main/g/ghostscript/ghostscript_8.70~dfsg-2.1.dsc
ghostscript_8.70~dfsg-2.1_amd64.deb
to main/g/ghostscript/ghostscript_8.70~dfsg-2.1_amd64.deb
gs-common_8.70~dfsg-2.1_all.deb
to main/g/ghostscript/gs-common_8.70~dfsg-2.1_all.deb
gs-esp_8.70~dfsg-2.1_all.deb
to main/g/ghostscript/gs-esp_8.70~dfsg-2.1_all.deb
gs-gpl_8.70~dfsg-2.1_all.deb
to main/g/ghostscript/gs-gpl_8.70~dfsg-2.1_all.deb
libgs-dev_8.70~dfsg-2.1_amd64.deb
to main/g/ghostscript/libgs-dev_8.70~dfsg-2.1_amd64.deb
libgs8_8.70~dfsg-2.1_amd64.deb
to main/g/ghostscript/libgs8_8.70~dfsg-2.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Kirschbaum <[email protected]> (supplier of updated
ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 23 Jan 2010 10:19:35 +0100
Source: ghostscript
Binary: ghostscript gs-esp gs-gpl gs-common ghostscript-cups ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all amd64
Version: 8.70~dfsg-2.1
Distribution: unstable
Urgency: low
Maintainer: Masayuki Hatta (mhatta) <[email protected]>
Changed-By: Andreas Kirschbaum <[email protected]>
Description:
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs-common - Dummy package depending on ghostscript
 gs-esp - Transitional package
 gs-gpl - Transitional package
 libgs-dev - The Ghostscript PostScript Library - Development Files
 libgs8 - The Ghostscript PostScript/PDF interpreter Library
Closes: 562643
Changes:
 ghostscript (8.70~dfsg-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix some security issues:
     - CVE-2009-4270[0]: stack-based buffer overflow multiple integer
       overflows in the icc library (closes: #562643)
     - fix possible buffer overflow in gs_throw_imp()
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkta8CgACgkQbdB4RPTVesqcoQCdFbv7+oqelUuMc9aF8l+csmia
36UAn2YzN02hC648Z++3tvnXteUhhJsK
=lDtT
-----END PGP SIGNATURE-----
--- End Message ---