Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi

Please unblock package ghostscript

The recent upload to unstable of ghostscript fixed CVE-2017-7207, a
NULL pointer dereference vulnerability in the mem_get_bits_rectangle
function.

https://security-tracker.debian.org/tracker/CVE-2017-7207

Tracked as #858350 in the BTS (note the changelog was mistyped and
actually referenced the upstream bugzilla bug number, but apart from
the typo the bug is closed).

unblock ghostscript/9.20~dfsg-3

Regards,
Salvatore
diff -Nru ghostscript-9.20~dfsg/debian/changelog 
ghostscript-9.20~dfsg/debian/changelog
--- ghostscript-9.20~dfsg/debian/changelog      2017-01-25 05:26:10.000000000 
+0100
+++ ghostscript-9.20~dfsg/debian/changelog      2017-03-21 17:20:00.000000000 
+0100
@@ -1,3 +1,10 @@
+ghostscript (9.20~dfsg-3) unstable; urgency=medium
+
+  * Fix NULL pointer dereference in mem_get_bits_rectangle().
+    Closes: Bug#697676 (CVE-2017-7207). Thanks to Salvatore Bonaccorso.
+
+ -- Jonas Smedegaard <d...@jones.dk>  Tue, 21 Mar 2017 17:20:00 +0100
+
 ghostscript (9.20~dfsg-2) unstable; urgency=medium
 
   * Add patch cherry-picked upstream to always print full PWG Raster
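
Review bot: The Closes: line in the new 9.20~dfsg-3 entry cites Bug#697676, which is the upstream bugzilla id (the patch header's Bug: field), not the Debian bug listed under Bug-Debian: as 858350. Since Closes: is read as a Debian BTS number, the entry should say "Closes: Bug#858350" and mention the upstream id separately, so the changelog matches the bug it actually resolves.
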
diff -Nru ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch 
ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch
--- ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch        
1970-01-01 01:00:00.000000000 +0100
+++ ghostscript-9.20~dfsg/debian/patches/020170317~309eca4.patch        
2017-03-21 17:18:22.000000000 +0100
@@ -0,0 +1,29 @@
+Description: Fix NULL pointer dereference in mem_get_bits_rectangle()
+ Ensure a device has raster memory, before trying to read it.
+ .
+ This is only possible by abusing/mis-using Ghostscript-specific
+ language extensions, so cannot happen in a general PostScript program.
+ .
+ Nevertheless, Ghostscript should not crash. So this commit checks the
+ memory device to see if raster memory has been allocated, before trying
+ to read from it.
+Origin: backport, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=309eca4
+Author: Ken Sharp <ken.sh...@artifex.com>
+Bug: http://bugs.ghostscript.com/show_bug.cgi?id=697676
+Bug-Debian: https://bugs.debian.org/858350
+Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2017-7207
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207
+Forwarded: yes
+Last-Update: 2017-03-21
+
+--- a/base/gdevmem.c
++++ b/base/gdevmem.c
+@@ -605,6 +605,8 @@
+             GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE;
+         return_error(gs_error_rangecheck);
+     }
++    if (mdev->line_ptrs == 0x00)
++        return_error(gs_error_rangecheck);
+     if ((w <= 0) | (h <= 0)) {
+         if ((w | h) < 0)
+             return_error(gs_error_rangecheck);
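
Review bot: The new guard in the base/gdevmem.c hunk tests a pointer against 0x00; "if (mdev->line_ptrs == NULL)" reads more clearly as a pointer check, and a one-line comment that the device has no raster memory allocated would explain why gs_error_rangecheck is returned here. The guard also sits ahead of the "(w <= 0) | (h <= 0)" branch, so an empty-rectangle request on a device without raster memory is now rejected too; worth confirming that this ordering is intended.
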
diff -Nru ghostscript-9.20~dfsg/debian/patches/series 
ghostscript-9.20~dfsg/debian/patches/series
--- ghostscript-9.20~dfsg/debian/patches/series 2017-01-25 05:04:25.000000000 
+0100
+++ ghostscript-9.20~dfsg/debian/patches/series 2017-03-21 17:14:17.000000000 
+0100
@@ -6,6 +6,7 @@
 020161005~875a009.patch
 020161008~f5c7555.patch
 020161026~0726780.patch
+020170317~309eca4.patch
 1001_fix_openjp2_dynamic_linking.patch
 2001_docdir_fix_for_debian.patch
 2002_gs_man_fix_debian.patch
