Re: Wheezy update of jbig2dec?
Quoting Thorsten Alteholz (2017-04-28 19:53:02) > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of jbig2dec: > https://security-tracker.debian.org/tracker/CVE-2017-7885 > https://security-tracker.debian.org/tracker/CVE-2017-7975 > https://security-tracker.debian.org/tracker/CVE-2017-7976 > > Would you like to take care of this yourself? [...] > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets > released. I have no plan to work on this for the Debian LTS derivative of Debian, so please feel free to go ahead with it. Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
ghostscript_9.06~dfsg-2+deb8u5_allonly.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e377831bdbb41b2931b7801a5852af5e990dd73f25f0b1dedd206 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Files: cd42658d6bb92c53893b6cc074447dd7 3044 text optional ghostscript_9.06~dfsg-2+deb8u5.dsc 947cd7155561de35b402acc790acdc92 99820 text optional ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 86512a2ba1ae1616e1f684b8bed65638 5067584 doc optional ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 14dd4974786b18da1e7baa84714f0509 1979830 libs optional libgs9-common_9.06~dfsg-2+deb8u5_all.deb -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkDAKJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMMoP/jOPsBQ2cXbxTb8ZbG3O8ZMPOyhWigVH qq3gGgYXTWRez6NdSSGHNjiDCUX0NppYfiW0OqRnAAv0E1ypYQsqk/M2LBTkhMRy D/oYFlZ2/B8RSo4/tQwCHxeUagj/AvaH7Pc6Zqf+njakhu6csz7vm2wJyAXVF/8V wOIBTu3+61SGUijfDkXruBX3HuHTx1m53ijd73McdmmkSl6Ygs7HBjb2cfEFEDvM BWBe6BpzVE4vzcxK+7SzLJoBgOrb50Df5ZaGdPRDcFQDMlPzmvTR8NEMFY6GIc9z KuGDe1E+uCGGM8F+uR0xPHYlAQSkk3W6nAPNV+XunTanNuk682I29NKmSjNFQGDO CztBciB1Ir8oK2mPfVWT/VIXuaNU4YvlOD/4dbwoXrOmWHsCbT9UsZuSkWw8niN9 /6nnD3vlQQEFkV3r0q8+VTAjf79WmI78tYE07jaj78ISbfzSJQW4DfDw3dmUnF3w tVd9FX5PuWbj3EDnZvNVCkKi2lfNDU2BjqcT01NNOP+8E3tv3eIWuHCAMquTA6cQ nouXe06AiBOxhKZh+lYkvJHJ9u4vZzleesqTDhfeMX0O7XHLOKVUW0FH5QQDx4To OX5fkqwVmKCTqhWYVbzzPKvOnVNf0ZqyPGZgQe72a/Svfdk7363P9Uq4JielNjxV ocbK4QPHpt9g =RoV4 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#861295: marked as done (ghostscript: CVE-2017-8291: shell injection)
Your message dated Fri, 28 Apr 2017 21:02:08 + with message-id and subject line Bug#861295: fixed in ghostscript 9.06~dfsg-2+deb8u5 has caused the Debian Bug report #861295, regarding ghostscript: CVE-2017-8291: shell injection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 861295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.06~dfsg-2 Severity: grave Tags: upstream security Justification: user security hole Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808 Hi, the following vulnerability was published for ghostscript. CVE-2017-8291[0]: | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote | command execution via a "/OutputFile (%pipe%" substring in a crafted | .eps document that is an input to the gs program, as exploited in the | wild in April 2017. Regading the CVE assignment, note that it is psecific to the shell injection, as per https://bugs.ghostscript.com/show_bug.cgi?id=697808#c1 if the segmentation violation that is seen when executing this sample represents a second security issue then it will get a second CVE. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697808 Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.06~dfsg-2+deb8u5 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 861...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghosts
Bug#859696: marked as done (ghostscript: CVE-2017-5951)
Your message dated Fri, 28 Apr 2017 21:02:08 + with message-id and subject line Bug#859696: fixed in ghostscript 9.06~dfsg-2+deb8u5 has caused the Debian Bug report #859696, regarding ghostscript: CVE-2017-5951 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859696 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548 Hi, the following vulnerability was published for ghostscript. CVE-2017-5951[0]: | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. As per 2017-04-06 there is no upstrream fix yet for this issue. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.06~dfsg-2+deb8u5 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e377831bdbb41b2931b7801a5852af5e990dd73f25f0b1dedd206 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all
Bug#859666: marked as done (ghostscript: CVE-2016-10219)
Your message dated Fri, 28 Apr 2017 21:02:08 + with message-id and subject line Bug#859666: fixed in ghostscript 9.06~dfsg-2+deb8u5 has caused the Debian Bug report #859666, regarding ghostscript: CVE-2016-10219 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: security patch upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453 Hi, the following vulnerability was published for ghostscript. CVE-2016-10219[0]: | The intersect function in base/gxfill.c in Artifex Software, Inc. | Ghostscript 9.20 allows remote attackers to cause a denial of service | (divide-by-zero error and application crash) via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697453 [2] http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.06~dfsg-2+deb8u5 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e377831bdbb41b2931b7801a5
Bug#859694: marked as done (ghostscript: CVE-2016-10220)
Your message dated Fri, 28 Apr 2017 21:02:08 + with message-id and subject line Bug#859694: fixed in ghostscript 9.06~dfsg-2+deb8u5 has caused the Debian Bug report #859694, regarding ghostscript: CVE-2016-10220 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for ghostscript. CVE-2016-10220[0]: | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file that is mishandled in the PDF Transparency module. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10220 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697450 [2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.06~dfsg-2+deb8u5 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e37783
Wheezy update of jbig2dec?
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of jbig2dec: https://security-tracker.debian.org/tracker/CVE-2017-7885 https://security-tracker.debian.org/tracker/CVE-2017-7975 https://security-tracker.debian.org/tracker/CVE-2017-7976 Would you like to take care of this yourself? If yes, please follow the workflow we have defined here: https://wiki.debian.org/LTS/Development If that workflow is a burden to you, feel free to just prepare an updated source package and send it to debian-...@lists.debian.org (via a debdiff, or with an URL pointing to the source package, or even with a pointer to your packaging repository), and the members of the LTS team will take care of the rest. Indicate clearly whether you have tested the updated package or not. If you don't want to take care of this update, it's not a problem, we will do our best with your package. Just let us know whether you would like to review and/or test the updated package before it gets released. You can also opt-out from receiving future similar emails in your answer and then the LTS Team will take care of jbig2dec updates for the LTS releases. Thank you very much. Thorsten Alteholz, on behalf of the Debian LTS team. PS: A member of the LTS team might start working on this update at any point in time. You can verify whether someone is registered on this update in this file: https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
ghostscript_9.06~dfsg-2+deb8u5_allonly.changes ACCEPTED into proposed-updates->stable-new
Mapping stable-security to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e377831bdbb41b2931b7801a5852af5e990dd73f25f0b1dedd206 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Files: cd42658d6bb92c53893b6cc074447dd7 3044 text optional ghostscript_9.06~dfsg-2+deb8u5.dsc 947cd7155561de35b402acc790acdc92 99820 text optional ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 86512a2ba1ae1616e1f684b8bed65638 5067584 doc optional ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 14dd4974786b18da1e7baa84714f0509 1979830 libs optional libgs9-common_9.06~dfsg-2+deb8u5_all.deb -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkDAKJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMMoP/jOPsBQ2cXbxTb8ZbG3O8ZMPOyhWigVH qq3gGgYXTWRez6NdSSGHNjiDCUX0NppYfiW0OqRnAAv0E1ypYQsqk/M2LBTkhMRy D/oYFlZ2/B8RSo4/tQwCHxeUagj/AvaH7Pc6Zqf+njakhu6csz7vm2wJyAXVF/8V wOIBTu3+61SGUijfDkXruBX3HuHTx1m53ijd73McdmmkSl6Ygs7HBjb2cfEFEDvM BWBe6BpzVE4vzcxK+7SzLJoBgOrb50Df5ZaGdPRDcFQDMlPzmvTR8NEMFY6GIc9z KuGDe1E+uCGGM8F+uR0xPHYlAQSkk3W6nAPNV+XunTanNuk682I29NKmSjNFQGDO CztBciB1Ir8oK2mPfVWT/VIXuaNU4YvlOD/4dbwoXrOmWHsCbT9UsZuSkWw8niN9 /6nnD3vlQQEFkV3r0q8+VTAjf79WmI78tYE07jaj78ISbfzSJQW4DfDw3dmUnF3w tVd9FX5PuWbj3EDnZvNVCkKi2lfNDU2BjqcT01NNOP+8E3tv3eIWuHCAMquTA6cQ nouXe06AiBOxhKZh+lYkvJHJ9u4vZzleesqTDhfeMX0O7XHLOKVUW0FH5QQDx4To OX5fkqwVmKCTqhWYVbzzPKvOnVNf0ZqyPGZgQe72a/Svfdk7363P9Uq4JielNjxV ocbK4QPHpt9g =RoV4 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Processing of ghostscript_9.06~dfsg-2+deb8u5_allonly.changes
ghostscript_9.06~dfsg-2+deb8u5_allonly.changes uploaded successfully to localhost along with the files: ghostscript_9.06~dfsg-2+deb8u5.dsc ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb libgs9-common_9.06~dfsg-2+deb8u5_all.deb Greetings, Your Debian queue daemon (running on host usper.debian.org)
ghostscript_9.20~dfsg-3.1_multi.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 06:50:05 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.20~dfsg-3.1 Distribution: unstable Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 859662 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.20~dfsg-3.1) unstable; urgency=high . * Non-maintainer upload. * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217) (Closes: #859662) Checksums-Sha1: 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Checksums-Sha256: 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd5133d1e6be25 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb 975eb0dee2daec3abec78a5a711a266e62c097f022bd311c81eec482021469f8 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Files: e175a069819fb9b4427d067224117197 3025 text optional ghostscript_9.20~dfsg-3.1.dsc 0c1e846432225a349fc8c2468782e348 114264 text optional ghostscript_9.20~dfsg-3.1.debian.tar.xz 58c815ac983e543243491b7868dbb1fc 5630604 doc optional ghostscript-doc_9.20~dfsg-3.1_all.deb 553fdff0bcc31e300f5c935379b2cecf 5160310 libs optional libgs9-common_9.20~dfsg-3.1_all.deb -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkCzw9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EvcIP/2pqibgJm2OGBXZg/D4AfLfufCIlLz2e mGWTBipJa1zcWX42jQ57bsKaQ2va7C2FFOTwDUumOKlo/TqwOmYV3irwqr2I3ihI ILvE7CzgLf/Rfaem6BuCqUtRU0oop58iFHHp93XYvJ7wlklh6Lz7bvkzowp6ca0H 20BF4trrm9eLuT8aiPyogmvqer63IGpIgG1SbuZUE9AB0i4NgsvUZkrPd5CQN73v ctYGACXejCIU/YF6QvmFT1i0joeideS1dNJRrxesY7f2S5cSEbEh7pueiCV9vf15 tE+iRZ7W+NoeTJwHgh5bDYL71mCCfPeD3CtSGcVqVWCVw10IP2yD8OnU8ie030cX oslYjp3XIDtaaxzfF+MIEz7ha6hM1FQOxtQAMJhdHM9PGY0baJf0+dwa/YF/n/mO WRAguwFnPV5cQYcyqPV1tHUkdSdQsCFu+gZfIb7SEK/b3RV8PfqdDnzSOr53V31Q dyzhDp28lGHgymCkY19gl9WHszKWumj3OddBc6Kk9q7UHpeKmkMK9R7PYBoZUKqL YD54sgg0tAByfyJT/wzJpkS5F4L2Z2kfyCiOCfv1bVMp1IEJy/3+iZdmm9sIl5y2 5JtyQ3rocStOHnodpIf9Ni+L9RFAmQa2xeAwRfyPsKnGY8fvdy9FumSrBXJlNyi6 5RSYeXgZB7Pm =D0ON -END PGP SIGNATURE- Thank you for your contribution to Debian.
cups-filters_1.13.5-1_source.changes ACCEPTED into experimental
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:05:35 +0200 Source: cups-filters Binary: libcupsfilters1 libfontembed1 cups-filters cups-filters-core-drivers libcupsfilters-dev libfontembed-dev cups-browsed Architecture: source Version: 1.13.5-1 Distribution: experimental Urgency: medium Maintainer: Debian Printing Team Changed-By: Didier Raboud Description: cups-browsed - OpenPrinting CUPS Filters - cups-browsed cups-filters - OpenPrinting CUPS Filters - Main Package cups-filters-core-drivers - OpenPrinting CUPS Filters - Driverless printing libcupsfilters-dev - OpenPrinting CUPS Filters - Development files for the library libcupsfilters1 - OpenPrinting CUPS Filters - Shared library libfontembed-dev - OpenPrinting CUPS Filters - Development files for font embed libr libfontembed1 - OpenPrinting CUPS Filters - Font Embed Shared library Changes: cups-filters (1.13.5-1) experimental; urgency=medium . * New upstream version 1.13.5 * Fix version typo in previous changelog entry * Add _CFcupsSetError symbol to libcupsfilters.so.1 Checksums-Sha1: 980c1ceaf6c659c53af3df122ea1c6f19a4d3c03 2759 cups-filters_1.13.5-1.dsc 3c4cb22fa363dab458ab11d9b058b873db93815f 1424764 cups-filters_1.13.5.orig.tar.xz f460ca7a2cb3ff9b9d8125d1f6937c8d5d7e9b48 72208 cups-filters_1.13.5-1.debian.tar.xz 972227bc7ebe6fc1a7d03f44be61bedf5e8ce420 10455 cups-filters_1.13.5-1_source.buildinfo Checksums-Sha256: acae2432fb69701d507db45d71b5c7738cbde9aa4111227cd4056f353762b092 2759 cups-filters_1.13.5-1.dsc 35db1c5821c9ff0e0fedcf87b3ae68a424ad951bd8af421a2a1aac5613e17b8d 1424764 cups-filters_1.13.5.orig.tar.xz 101b7af0d7fd8b2b097efef739a737ab7a51f770f0a51dc71330f90020ecd67c 72208 cups-filters_1.13.5-1.debian.tar.xz c0754713f7969c27d1923b00593f8db2e705c734f9e4804dbd415a2832e3bc6c 10455 cups-filters_1.13.5-1_source.buildinfo Files: b0ac2f065f98c40e71112daae1426dd9 2759 net optional cups-filters_1.13.5-1.dsc 14e480832b872183574e6bfccdb7eff8 1424764 net optional cups-filters_1.13.5.orig.tar.xz e9cd2bc3d88121c7208f92bb18f1a94d 72208 net optional cups-filters_1.13.5-1.debian.tar.xz 5cdc9964ffc42b13dc4feed658791d5b 10455 net optional cups-filters_1.13.5-1_source.buildinfo -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEe+WPIRpjNw1/GSB7i8+nHsoWNFUFAlkC+YAACgkQi8+nHsoW NFUC4gv8CiEvWt7Dpne0Xq4cxKGV3Cl8Y3oBhK1eBnneYXoxaZrdtLnViWg+O/ge kNv34GxFoAze4CsW8QhpbZpi15a4tQ60keZAJJJqDqKm/A2vFmoU+BuEP5SS5sDP d+Hz6zUccSGsWG3rkTOS5IAZHjtW9hyYJNfuheK+Sqdx4efA2fuaBjqzVy3qJQS1 YK6RdNoJZC1s3epllQSYuJ1zmjYa/RWniqOJZn8QzqYYHaJH1AntrQJ77BPxd3yd T/XLiKnsYGLsm9IGuHS6TwWbQj+vrtUeJ5pKImxAOKagTcspluVqxWsUM5ZvNVCh SHcps18L1b9V68uX30LpAbRqE2LN75k/wK7GrC8cwrXb3d74loaAIRy78/M2JPWl V9AQkdiURtHUjhZRdq8R6wBkGoSS47uqbefDHaAN23WYWt1i8vJ7E+9mRH2Zi2Wb yT1x/Umi6x2lYG1J8H9r6x9EGMu0ll8Qt0NCmUoSI+/4yuxhEl8jy5cZiUqYb+Ms W2Um2JLW =Tsmq -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#859694: marked as done (ghostscript: CVE-2016-10220)
Your message dated Fri, 28 Apr 2017 09:03:57 + with message-id and subject line Bug#859694: fixed in ghostscript 9.20~dfsg-3.1 has caused the Debian Bug report #859694, regarding ghostscript: CVE-2016-10220 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859694: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859694 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: patch security upstream Hi, the following vulnerability was published for ghostscript. CVE-2016-10220[0]: | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file that is mishandled in the PDF Transparency module. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10220 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10220 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697450 [2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=daf85701dab05f17e924a48a81edc9195b4a04e8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.20~dfsg-3.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 06:50:05 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.20~dfsg-3.1 Distribution: unstable Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 859662 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.20~dfsg-3.1) unstable; urgency=high . * Non-maintainer upload. * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217) (Closes: #859662) Checksums-Sha1: 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Checksums-Sha256: 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd5133d1e6be25 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb 975eb0dee2daec3abec78a5a711a266e62c097f022bd311c81eec482021469f8 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Files:
Bug#861295: marked as done (ghostscript: CVE-2017-8291: shell injection)
Your message dated Fri, 28 Apr 2017 09:03:57 + with message-id and subject line Bug#861295: fixed in ghostscript 9.20~dfsg-3.1 has caused the Debian Bug report #861295, regarding ghostscript: CVE-2017-8291: shell injection to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 861295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861295 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.06~dfsg-2 Severity: grave Tags: upstream security Justification: user security hole Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808 Hi, the following vulnerability was published for ghostscript. CVE-2017-8291[0]: | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote | command execution via a "/OutputFile (%pipe%" substring in a crafted | .eps document that is an input to the gs program, as exploited in the | wild in April 2017. Regading the CVE assignment, note that it is psecific to the shell injection, as per https://bugs.ghostscript.com/show_bug.cgi?id=697808#c1 if the segmentation violation that is seen when executing this sample represents a second security issue then it will get a second CVE. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697808 Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.20~dfsg-3.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 861...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 06:50:05 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.20~dfsg-3.1 Distribution: unstable Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 859662 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.20~dfsg-3.1) unstable; urgency=high . * Non-maintainer upload. * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217) (Closes: #859662) Checksums-Sha1: 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Checksums-Sha256: 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd513
Bug#859696: marked as done (ghostscript: CVE-2017-5951)
Your message dated Fri, 28 Apr 2017 09:03:57 + with message-id and subject line Bug#859696: fixed in ghostscript 9.20~dfsg-3.1 has caused the Debian Bug report #859696, regarding ghostscript: CVE-2017-5951 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859696 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548 Hi, the following vulnerability was published for ghostscript. CVE-2017-5951[0]: | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (NULL pointer dereference and application crash) via | a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. As per 2017-04-06 there is no upstrream fix yet for this issue. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.20~dfsg-3.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 06:50:05 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.20~dfsg-3.1 Distribution: unstable Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 859662 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.20~dfsg-3.1) unstable; urgency=high . * Non-maintainer upload. * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217) (Closes: #859662) Checksums-Sha1: 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Checksums-Sha256: 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd5133d1e6be25 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb 975eb0dee2daec3abec78a5a711a266e62c097f022bd311c81eec482021469f8 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Files: e175a069819fb9b4427d067224117197 3025 text optional ghostscript_9.20~dfsg-3.1.dsc 0c1e846
Bug#859666: marked as done (ghostscript: CVE-2016-10219)
Your message dated Fri, 28 Apr 2017 09:03:57 + with message-id and subject line Bug#859666: fixed in ghostscript 9.20~dfsg-3.1 has caused the Debian Bug report #859666, regarding ghostscript: CVE-2016-10219 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859666 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: security patch upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453 Hi, the following vulnerability was published for ghostscript. CVE-2016-10219[0]: | The intersect function in base/gxfill.c in Artifex Software, Inc. | Ghostscript 9.20 allows remote attackers to cause a denial of service | (divide-by-zero error and application crash) via a crafted file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10219 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10219 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697453 [2] http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.20~dfsg-3.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 859...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 06:50:05 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.20~dfsg-3.1 Distribution: unstable Urgency: high Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 859662 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.20~dfsg-3.1) unstable; urgency=high . * Non-maintainer upload. * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217) (Closes: #859662) Checksums-Sha1: 27beb46933666fd84a822dc2f11043dd9816582e 3025 ghostscript_9.20~dfsg-3.1.dsc ff6c9d1f36d0f4baff2f1fca1bfdbe36f2cadf75 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 38aba5ecd413b0fe8d6f233de1987b18ee43edbb 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb fd085947763beac463eb617ef0c19458bdf40f86 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Checksums-Sha256: 7eea1566d95e1970a46635aee3ff6d8cc528907bb0ff3815df7d5430e5bc9158 3025 ghostscript_9.20~dfsg-3.1.dsc d1d7e8f06ada9ec035e7f8394f9a52b793619cb1d11aaa03fa87b3caeee5ccc1 114264 ghostscript_9.20~dfsg-3.1.debian.tar.xz 9463f519c4fd20eabcecd9fbd5801fca7376f32ce1ca4946acbd5133d1e6be25 5630604 ghostscript-doc_9.20~dfsg-3.1_all.deb 975eb0dee2daec3abec78a5a711a266e62c097f022bd311c81eec482021469f8 5160310 libgs9-common_9.20~dfsg-3.1_all.deb Files: e175a069819fb9b44
Bug#859662: marked as done (ghostscript: CVE-2016-10217)
Your message dated Fri, 28 Apr 2017 09:03:57 + with message-id and subject line Bug#859662: fixed in ghostscript 9.20~dfsg-3.1 has caused the Debian Bug report #859662, regarding ghostscript: CVE-2016-10217 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 859662: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859662 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697456 Hi, the following vulnerability was published for ghostscript. CVE-2016-10217[0]: | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. | Ghostscript 9.20 allows remote attackers to cause a denial of service | (use-after-free and application crash) via a crafted file that is | mishandled in the color management module. To verify with an ASAN build of ghostscript: cut-cut-cut-cut-cut-cut- # LD_LIBRARY_PATH=./sobin ./debian/tmp/usr/bin/gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER /root/gs_uaf_pdf14_cleanup_parent_color_profiles -c quit GPL Ghostscript 9.20 (2016-09-26) Copyright (C) 2016 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. = ==4082==ERROR: AddressSanitizer: heap-use-after-free on address 0x62a00053b840 at pc 0x7f9c09ebff67 bp 0x7ffe337bb2a0 sp 0x7ffe337bb298 READ of size 8 at 0x62a00053b840 thread T0 #0 0x7f9c09ebff66 in pdf14_cleanup_parent_color_profiles base/gdevp14.c:2016 #1 0x7f9c09eefcef in pdf14_device_finalize base/gdevp14.c:8293 #2 0x7f9c0a7fd262 in restore_finalize psi/isave.c:952 #3 0x7f9c0a7fc066 in alloc_restore_step_in psi/isave.c:759 #4 0x7f9c0a7fcbfb in alloc_restore_all psi/isave.c:886 #5 0x7f9c0a700455 in gs_main_finit psi/imain.c:978 #6 0x7f9c0a700a74 in gs_to_exit_with_code psi/imain.c:1013 #7 0x7f9c0a700a9b in gs_to_exit psi/imain.c:1018 #8 0x7f9c0a70b97b in gsapi_exit psi/iapi.c:561 #9 0x557197880114 in main psi/dxmainc.c:90 #10 0x7f9c0976b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #11 0x55719787fd29 in _start (/root/ghostscript-9.20~dfsg/debian/tmp/usr/bin/gs+0xd29) 0x62a00053b840 is located 5696 bytes inside of 20048-byte region [0x62a00053a200,0x62a00053f050) freed by thread T0 here: #0 0x7f9c0b8b7a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10) #1 0x7f9c0a4c960f in gs_heap_free_object base/gsmalloc.c:348 #2 0x7f9c0a46655d in alloc_free_clump base/gsalloc.c:2593 #3 0x7f9c0a45f7d1 in free_all_not_allocator base/gsalloc.c:1000 #4 0x7f9c0a45cf20 in clump_splay_app base/gsalloc.c:602 #5 0x7f9c0a45fa30 in i_free_all base/gsalloc.c:1036 #6 0x7f9c0a7fd475 in restore_free psi/isave.c:989 #7 0x7f9c0a7fc7b8 in restore_space psi/isave.c:847 #8 0x7f9c0a7fc220 in alloc_restore_step_in psi/isave.c:784 #9 0x7f9c0a7fcbfb in alloc_restore_all psi/isave.c:886 #10 0x7f9c0a700455 in gs_main_finit psi/imain.c:978 #11 0x7f9c0a700a74 in gs_to_exit_with_code psi/imain.c:1013 #12 0x7f9c0a700a9b in gs_to_exit psi/imain.c:1018 #13 0x7f9c0a70b97b in gsapi_exit psi/iapi.c:561 #14 0x557197880114 in main psi/dxmainc.c:90 #15 0x7f9c0976b2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) previously allocated by thread T0 here: #0 0x7f9c0b8b7d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28) #1 0x7f9c0a4c8aac in gs_heap_alloc_bytes base/gsmalloc.c:183 #2 0x7f9c0a46560b in alloc_acquire_clump base/gsalloc.c:2430 #3 0x7f9c0a4651c0 in alloc_add_clump base/gsalloc.c:2379 #4 0x7f9c0a4635d3 in alloc_obj base/gsalloc.c:1991 #5 0x7f9c0a46097c in i_alloc_struct base/gsalloc.c:1229 #6 0x7f9c0a7dbb9c in gs_istate_alloc psi/zgstate.c:590 #7 0x7f9c0a4ea417 in gstate_clone base/gsstate.c:1008 #8 0x7f9c0a4e6eaf in gs_gsave base/gsstate.c:325 #9 0x7f9c0a4e712a in gs_gsave_for_save base/gsstate.c:370 #10 0x7f9c0a7879a0 in zsave psi/zvmem.c:84 #11 0x7f9c0a6f3b8a in z2save psi/zdevice2.c:219 #12 0x7f9c0a721f63 in interp psi/interp.c:1310 #13 0x7f9c0a71d2eb in gs_call_interp psi/interp.c:511 #14 0x7f9c0a71cc52 in gs_interpret psi/interp.c:468 #15 0x7f9c0a6fb8d2 in gs_main_interpret psi/imain.c:245 #16 0x7f9c0a6fe323 in gs_main_run_string_end psi/imain.c:663 #17 0x7f9c0a6fdf6a in gs_main_run_string_with_length psi/imain.c:621 #18
Processing of cups-filters_1.13.5-1_source.changes
cups-filters_1.13.5-1_source.changes uploaded successfully to localhost along with the files: cups-filters_1.13.5-1.dsc cups-filters_1.13.5.orig.tar.xz cups-filters_1.13.5-1.debian.tar.xz cups-filters_1.13.5-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Re: cups-filters 1.13.5 released!
Hi all, Le jeudi, 27 avril 2017, 23.56:13 h CEST Till Kamppeter a écrit : > I have released cups-filters 1.13.5 now, with the following changes: > (…) > Bug fixes and improvements on the PPD generator, the "driverless" > utility, and the Braille embosser support. > > Let this again build-depend on CUPS 2.2.2, as otherwise cups-filters > builds without Apple Raster support. Uploaded to experimental. Cheers, OdyX signature.asc Description: This is a digitally signed message part.
