Processed: found 860869 in 9.06~dfsg-2

2018-04-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # overflow checks missing in jessie version as well
> found 860869 9.06~dfsg-2
Bug #860869 {Done: Salvatore Bonaccorso } [src:ghostscript] 
ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer 
function
Marked as found in versions ghostscript/9.06~dfsg-2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



ghostscript_9.22~dfsg-2.1_multi.changes ACCEPTED into unstable

2018-04-20 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 20 Apr 2018 12:28:29 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: source
Version: 9.22~dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 860869 896069
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
 (Closes: #860869)
   * pdfwrite - Guard against trying to output an infinite number
 (CVE-2018-10194) (Closes: #896069)
Checksums-Sha1: 
 b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc
 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Checksums-Sha256: 
 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 
ghostscript_9.22~dfsg-2.1.dsc
 b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Files: 
 6cc02bb50fd60f4046899482ed087580 2905 text optional 
ghostscript_9.22~dfsg-2.1.dsc
 6783e389b486f699024d1c7baa6abce5 105956 text optional 
ghostscript_9.22~dfsg-2.1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EPlcP/0twvUG55IDAB7KSQn7KGrfrwVoQQeS8
HxMNgllPj7TMnFsx/OU9Kga51ay0yNGsKavnew1IwG6MjQheTfFoBw7sAWNSC0Hb
qyfvR8ly9yhE/rFPtTPaNmK1FcfF8VRXvZ/jqDrc7EW4iIz6C+rarWz03FYFyOf/
vipD7d418XVBB4ySE1wGqeTXyDYeYO9QUBDlAN9VZBDn1RdFWdqlrUdoQyrJbG1Z
Pvo6pgFGeDMtYGGfLL2vZYauGdW6oZdQAnNBYzgWjrOUJv9lE1SzSPlUdVjiWKNx
LhxaONjq9i5/GmW2IC29uC0MpFa3+SjpZF+EpI/5mInILUyLOY8VjEDIfVEE5RAX
rzoARmt81jx8VU+K1GWVRLLxpbL2ER7Ghs+n1EAlEBX4reJM3AqvXvJXC9KOB0i4
a0ISwKYJgWiYbgjuZ/m1bRnDdIpdjpp+QLDtzPgcsA7Fu+Zgh3QiTpIy+s/4Ntsy
w7NhOtMc4LyaeGO0P46hMIaiSattFaRVY5D1ZzeJ2cMA3NATgcR1l5a423OSWhqx
fXLF4z2hfP0/NIVAP1Y+Q+4gE6AZeQsH3moroGoDBKR39uhhtybr5oD3mac1ji4F
RXY6Gu6Ij6qTD8xP0LU6U3lSyCXBXCbi2j0Uv77i5nLGKpG3R4w11Nn/fHvQyi68
Yyslp/5K4uMd
=blQ1
-END PGP SIGNATURE-


Thank you for your contribution to Debian.



Bug#896069: marked as done (ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf)

2018-04-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Apr 2018 18:20:25 +
with message-id 
and subject line Bug#896069: fixed in ghostscript 9.22~dfsg-2.1
has caused the Debian Bug report #896069,
regarding ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to 
mishandle postscript file data to pdf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255

Hi,

The following vulnerability was published for ghostscript.

CVE-2018-10194[0]:
| The set_text_distance function in devices/vector/gdevpdts.c in the
| pdfwrite component in Artifex Ghostscript through 9.22 does not prevent
| overflows in text-positioning calculation, which allows remote
| attackers to cause a denial of service (application crash) or possibly
| have unspecified other impact via a crafted PDF document.

Unfortunately the upstream report at [1] ist not (yet) public, but the
commit upstream report association is given by the commit at [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10194
[1] https://bugs.ghostscript.com/show_bug.cgi?id=699255
[2] 
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.22~dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ghostscript 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 20 Apr 2018 12:28:29 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: source
Version: 9.22~dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 860869 896069
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
 (Closes: #860869)
   * pdfwrite - Guard against trying to output an infinite number
 (CVE-2018-10194) (Closes: #896069)
Checksums-Sha1: 
 b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc
 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Checksums-Sha256: 
 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 
ghostscript_9.22~dfsg-2.1.dsc
 b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Files: 
 6cc02bb50fd60f4046899482ed087580 2905 text optional 
ghostscript_9.22~dfsg-2.1.dsc
 6783e389b486f699024d1c7baa6abce5 105956 text optional 
ghostscript_9.22~dfsg-2.1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EP

Bug#860869: marked as done (ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function)

2018-04-20 Thread Debian Bug Tracking System
Your message dated Fri, 20 Apr 2018 18:20:25 +
with message-id 
and subject line Bug#860869: fixed in ghostscript 9.22~dfsg-2.1
has caused the Debian Bug report #860869,
regarding ghostscript: CVE-2016-10317: Heap-buffer overflow in the 
fill_threshold_buffer function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
| denial of service (heap-based buffer overflow and application crash) or
| possibly have unspecified other impact via a crafted PostScript
| document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697459

The reproducer is not yet public available, and the severity should
probably be increased due to the heap buffer overflow. But we can
ammend once more details public.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.22~dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 860...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated ghostscript 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 20 Apr 2018 12:28:29 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common 
libgs-dev ghostscript-dbg
Architecture: source
Version: 9.22~dfsg-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 860869 896069
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug 
symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - 
Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 
support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common 
file
Changes:
 ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
 (Closes: #860869)
   * pdfwrite - Guard against trying to output an infinite number
 (CVE-2018-10194) (Closes: #896069)
Checksums-Sha1: 
 b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc
 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Checksums-Sha256: 
 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 
ghostscript_9.22~dfsg-2.1.dsc
 b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 
ghostscript_9.22~dfsg-2.1.debian.tar.xz
Files: 
 6cc02bb50fd60f4046899482ed087580 2905 text optional 
ghostscript_9.22~dfsg-2.1.dsc
 6783e389b486f699024d1c7baa6abce5 105956 text optional 
ghostscript_9.22~dfsg-2.1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EPlcP/0twvUG55IDAB7KSQn7KGrfrwVoQQeS8
HxMNgllPj7TMnFsx/OU9Kga51ay0yNGsKavnew1IwG6MjQheTfFoBw7sAWNSC0Hb
qyfvR8ly9yhE/rFPtTPaNmK1FcfF8VRXvZ

Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1

2018-04-20 Thread Salvatore Bonaccorso
Hi Jonas,

On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote:
> Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> > Control: tags 860869 + patch
> > Control: tags 860869 + pending
> > Control: tags 896069 + pending
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I
> > should delay it longer.
> 
> Great, Thanks a lot!
> 
> You need not delay it at all - please feel free to drop the delay.

Thanks, rescheduled. I always appreciate a peer-review evne though
ghostscript is on the LowNMU list.

Can you import the changes into the archive once it is accepted into
the archive?

Regards,
Salvatore



Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1

2018-04-20 Thread Jonas Smedegaard

Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:

Control: tags 860869 + patch
Control: tags 860869 + pending
Control: tags 896069 + pending

Dear maintainer,

I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.


Great, Thanks a lot!

You need not delay it at all - please feel free to drop the delay.

- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

[x] quote me freely  [ ] ask before reusing  [ ] keep private


pgp0WiaWCni2W.pgp
Description: PGP signature


Processing of ghostscript_9.22~dfsg-2.1_multi.changes

2018-04-20 Thread Debian FTP Masters
ghostscript_9.22~dfsg-2.1_multi.changes uploaded successfully to localhost
along with the files:
  ghostscript_9.22~dfsg-2.1.dsc
  ghostscript_9.22~dfsg-2.1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1

2018-04-20 Thread Salvatore Bonaccorso
Control: tags 860869 + patch
Control: tags 860869 + pending
Control: tags 896069 + pending

Dear maintainer,

I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru ghostscript-9.22~dfsg/debian/changelog ghostscript-9.22~dfsg/debian/changelog
--- ghostscript-9.22~dfsg/debian/changelog	2018-02-10 17:41:31.0 +0100
+++ ghostscript-9.22~dfsg/debian/changelog	2018-04-20 12:28:29.0 +0200
@@ -1,3 +1,13 @@
+ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
+(Closes: #860869)
+  * pdfwrite - Guard against trying to output an infinite number
+(CVE-2018-10194) (Closes: #896069)
+
+ -- Salvatore Bonaccorso   Fri, 20 Apr 2018 12:28:29 +0200
+
 ghostscript (9.22~dfsg-2) unstable; urgency=medium
 
   * Update Vcs-* fields for the move to salsa.d.o
diff -Nru ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch
--- ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch	1970-01-01 01:00:00.0 +0100
+++ ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch	2018-04-20 12:28:29.0 +0200
@@ -0,0 +1,78 @@
+From: Ray Johnston 
+Date: Tue, 21 Nov 2017 12:48:54 -0800
+Subject: Fix bug 697459 Buffer overflow in fill_threshold_buffer
+Origin: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
+Bug-Debian: https://bugs.debian.org/860869
+Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697459
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-10317
+
+There was an overflow check for ht_buffer size, but none for the larger
+threshold_buffer. Note that this file didn't fail on Windows because the
+combination of the ht_buffer and the size of the (miscalculated due to
+overflow) threshold_buffer would have exceeded the 2Gb limit.
+---
+ base/gxht_thresh.c | 13 ++---
+ base/gxipixel.c|  2 +-
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/base/gxht_thresh.c b/base/gxht_thresh.c
+index 3fb840213..726861685 100644
+--- a/base/gxht_thresh.c
 b/base/gxht_thresh.c
+@@ -711,7 +711,9 @@ gxht_thresh_image_init(gx_image_enum *penum)
+space */
+ max_height = (int) ceil(fixed2float(any_abs(penum->dst_height)) /
+ (float) penum->Height);
+-if ((max_height > 0) && (penum->ht_stride * spp_out > max_int / max_height))
++if (max_height <= 0)
++return -1;		/* shouldn't happen, but check so we don't div by zero */
++if (penum->ht_stride * spp_out > max_int / max_height)
+ return -1; /* overflow */
+ 
+ penum->ht_buffer =
+@@ -734,6 +736,11 @@ gxht_thresh_image_init(gx_image_enum *penum)
+Also allow a 15 sample over run during the execution.  */
+ temp = (int) ceil((float) ((dev_width + 15.0) + 15.0)/16.0);
+ penum->line_size = bitmap_raster(temp * 16 * 8);  /* The stride */
++if (penum->line_size > max_int / max_height) {
++gs_free_object(penum->memory, penum->ht_buffer, "gxht_thresh");
++penum->ht_buffer = NULL;
++return -1; /* thresh_buffer size overflow */
++}
+ penum->line = gs_alloc_bytes(penum->memory, penum->line_size * spp_out,
+  "gxht_thresh");
+ penum->thresh_buffer = gs_alloc_bytes(penum->memory,
+@@ -754,7 +761,7 @@ gxht_thresh_image_init(gx_image_enum *penum)
+ }
+ 
+ static void
+-fill_threshhold_buffer(byte *dest_strip, byte *src_strip, int src_width,
++fill_threshold_buffer(byte *dest_strip, byte *src_strip, int src_width,
+int left_offset, int left_width, int num_tiles,
+int right_width)
+ {
+@@ -908,7 +915,7 @@ gxht_thresh_planes(gx_image_enum *penum, fixed xrun,
+to update with stride */
+ position = contone_stride * k;
+ /* Tile into the 128 bit aligned threshold strip */
+-fill_threshhold_buffer(&(thresh_align[position]),
++fill_threshold_buffer(&(thresh_align[position]),
+thresh_tile, thresh_width, dx, left_width,
+num_full_tiles, right_tile_width);
+ }
+diff --git a/base/gxipixel.c b/base/gxipixel.c
+index edd40c52d..cb4f02a09 100644
+--- a/base/gxipixel.c
 b/base/gxipixel.c
+@@ -758,7 +758,7 @@ gx_image_enum_begin(gx_device * dev, const gs_gstate * pgs,
+ penum->memory = mem;
+ penum->buffer = buffer;
+ penum->buf

Processed: ghostscript: diff for NMU version 9.22~dfsg-2.1

2018-04-20 Thread Debian Bug Tracking System
Processing control commands:

> tags 860869 + patch
Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow 
in the fill_threshold_buffer function
Added tag(s) patch.
> tags 860869 + pending
Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow 
in the fill_threshold_buffer function
Added tag(s) pending.
> tags 896069 + pending
Bug #896069 [src:ghostscript] ghostscript: CVE-2018-10194: Buffer overflow on 
pprintg1 due to mishandle postscript file data to pdf
Added tag(s) pending.

-- 
860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869
896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: ghostscript: diff for NMU version 9.22~dfsg-2.1

2018-04-20 Thread Debian Bug Tracking System
Processing control commands:

> tags 860869 + patch
Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow 
in the fill_threshold_buffer function
Ignoring request to alter tags of bug #860869 to the same tags previously set
> tags 860869 + pending
Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow 
in the fill_threshold_buffer function
Ignoring request to alter tags of bug #860869 to the same tags previously set
> tags 896069 + pending
Bug #896069 [src:ghostscript] ghostscript: CVE-2018-10194: Buffer overflow on 
pprintg1 due to mishandle postscript file data to pdf
Ignoring request to alter tags of bug #896069 to the same tags previously set

-- 
860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869
896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: closing 869879

2018-04-20 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> close 869879 9.22~dfsg-1
Bug #869879 [src:ghostscript] ghostscript: CVE-2017-9610 CVE-2017-9618 
CVE-2017-9619 CVE-2017-9620 CVE-2017-9740
Marked as fixed in versions ghostscript/9.22~dfsg-1.
Bug #869879 [src:ghostscript] ghostscript: CVE-2017-9610 CVE-2017-9618 
CVE-2017-9619 CVE-2017-9620 CVE-2017-9740
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
869879: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869879
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems