Processed: found 860869 in 9.06~dfsg-2
Processing commands for cont...@bugs.debian.org: > # overflow checks missing in jessie version as well > found 860869 9.06~dfsg-2 Bug #860869 {Done: Salvatore Bonaccorso } [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Marked as found in versions ghostscript/9.06~dfsg-2. > thanks Stopping processing here. Please contact me if you need assistance. -- 860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
ghostscript_9.22~dfsg-2.1_multi.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 20 Apr 2018 12:28:29 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source Version: 9.22~dfsg-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 860869 896069 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.22~dfsg-2.1) unstable; urgency=medium . * Non-maintainer upload. * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) (Closes: #860869) * pdfwrite - Guard against trying to output an infinite number (CVE-2018-10194) (Closes: #896069) Checksums-Sha1: b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Checksums-Sha256: 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 ghostscript_9.22~dfsg-2.1.dsc b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Files: 6cc02bb50fd60f4046899482ed087580 2905 text optional ghostscript_9.22~dfsg-2.1.dsc 6783e389b486f699024d1c7baa6abce5 105956 text optional ghostscript_9.22~dfsg-2.1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EPlcP/0twvUG55IDAB7KSQn7KGrfrwVoQQeS8 HxMNgllPj7TMnFsx/OU9Kga51ay0yNGsKavnew1IwG6MjQheTfFoBw7sAWNSC0Hb qyfvR8ly9yhE/rFPtTPaNmK1FcfF8VRXvZ/jqDrc7EW4iIz6C+rarWz03FYFyOf/ vipD7d418XVBB4ySE1wGqeTXyDYeYO9QUBDlAN9VZBDn1RdFWdqlrUdoQyrJbG1Z Pvo6pgFGeDMtYGGfLL2vZYauGdW6oZdQAnNBYzgWjrOUJv9lE1SzSPlUdVjiWKNx LhxaONjq9i5/GmW2IC29uC0MpFa3+SjpZF+EpI/5mInILUyLOY8VjEDIfVEE5RAX rzoARmt81jx8VU+K1GWVRLLxpbL2ER7Ghs+n1EAlEBX4reJM3AqvXvJXC9KOB0i4 a0ISwKYJgWiYbgjuZ/m1bRnDdIpdjpp+QLDtzPgcsA7Fu+Zgh3QiTpIy+s/4Ntsy w7NhOtMc4LyaeGO0P46hMIaiSattFaRVY5D1ZzeJ2cMA3NATgcR1l5a423OSWhqx fXLF4z2hfP0/NIVAP1Y+Q+4gE6AZeQsH3moroGoDBKR39uhhtybr5oD3mac1ji4F RXY6Gu6Ij6qTD8xP0LU6U3lSyCXBXCbi2j0Uv77i5nLGKpG3R4w11Nn/fHvQyi68 Yyslp/5K4uMd =blQ1 -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#896069: marked as done (ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf)
Your message dated Fri, 20 Apr 2018 18:20:25 + with message-id and subject line Bug#896069: fixed in ghostscript 9.22~dfsg-2.1 has caused the Debian Bug report #896069, regarding ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.06~dfsg-2 Severity: grave Tags: patch security upstream Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255 Hi, The following vulnerability was published for ghostscript. CVE-2018-10194[0]: | The set_text_distance function in devices/vector/gdevpdts.c in the | pdfwrite component in Artifex Ghostscript through 9.22 does not prevent | overflows in text-positioning calculation, which allows remote | attackers to cause a denial of service (application crash) or possibly | have unspecified other impact via a crafted PDF document. Unfortunately the upstream report at [1] ist not (yet) public, but the commit upstream report association is given by the commit at [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10194 [1] https://bugs.ghostscript.com/show_bug.cgi?id=699255 [2] http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879 Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.22~dfsg-2.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 896...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 20 Apr 2018 12:28:29 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source Version: 9.22~dfsg-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 860869 896069 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.22~dfsg-2.1) unstable; urgency=medium . * Non-maintainer upload. * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) (Closes: #860869) * pdfwrite - Guard against trying to output an infinite number (CVE-2018-10194) (Closes: #896069) Checksums-Sha1: b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Checksums-Sha256: 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 ghostscript_9.22~dfsg-2.1.dsc b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Files: 6cc02bb50fd60f4046899482ed087580 2905 text optional ghostscript_9.22~dfsg-2.1.dsc 6783e389b486f699024d1c7baa6abce5 105956 text optional ghostscript_9.22~dfsg-2.1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EP
Bug#860869: marked as done (ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function)
Your message dated Fri, 20 Apr 2018 18:20:25 + with message-id and subject line Bug#860869: fixed in ghostscript 9.22~dfsg-2.1 has caused the Debian Bug report #860869, regarding ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ghostscript Version: 9.20~dfsg-3 Severity: important Tags: upstream security Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459 Hi, the following vulnerability was published for ghostscript. CVE-2016-10317[0]: | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex | Software, Inc. Ghostscript 9.20 allows remote attackers to cause a | denial of service (heap-based buffer overflow and application crash) or | possibly have unspecified other impact via a crafted PostScript | document. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10317 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317 [1] https://bugs.ghostscript.com/show_bug.cgi?id=697459 The reproducer is not yet public available, and the severity should probably be increased due to the heap buffer overflow. But we can ammend once more details public. Regards, Salvatore --- End Message --- --- Begin Message --- Source: ghostscript Source-Version: 9.22~dfsg-2.1 We believe that the bug you reported is fixed in the latest version of ghostscript, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 860...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated ghostscript package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 20 Apr 2018 12:28:29 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source Version: 9.22~dfsg-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team Changed-By: Salvatore Bonaccorso Closes: 860869 896069 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.22~dfsg-2.1) unstable; urgency=medium . * Non-maintainer upload. * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) (Closes: #860869) * pdfwrite - Guard against trying to output an infinite number (CVE-2018-10194) (Closes: #896069) Checksums-Sha1: b706d9247a412ef801d4bd2143a4ca24d589ca02 2905 ghostscript_9.22~dfsg-2.1.dsc 76ef29dfa90800e17dcda8cc315b9580b0765ae3 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Checksums-Sha256: 00c0d5ee0651ff6ab96e74ab1d23627fc0ac7a75638043d3f6c82c1d6663cfba 2905 ghostscript_9.22~dfsg-2.1.dsc b9ff7049ff223c97c85862172d42a98c01b947c27277ae5f56af9367a2bf7102 105956 ghostscript_9.22~dfsg-2.1.debian.tar.xz Files: 6cc02bb50fd60f4046899482ed087580 2905 text optional ghostscript_9.22~dfsg-2.1.dsc 6783e389b486f699024d1c7baa6abce5 105956 text optional ghostscript_9.22~dfsg-2.1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlraGiJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EPlcP/0twvUG55IDAB7KSQn7KGrfrwVoQQeS8 HxMNgllPj7TMnFsx/OU9Kga51ay0yNGsKavnew1IwG6MjQheTfFoBw7sAWNSC0Hb qyfvR8ly9yhE/rFPtTPaNmK1FcfF8VRXvZ
Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1
Hi Jonas, On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote: > Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm: > > Control: tags 860869 + patch > > Control: tags 860869 + pending > > Control: tags 896069 + pending > > > > Dear maintainer, > > > > I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and > > uploaded it to DELAYED/2. Please feel free to tell me if I > > should delay it longer. > > Great, Thanks a lot! > > You need not delay it at all - please feel free to drop the delay. Thanks, rescheduled. I always appreciate a peer-review evne though ghostscript is on the LowNMU list. Can you import the changes into the archive once it is accepted into the archive? Regards, Salvatore
Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1
Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm: Control: tags 860869 + patch Control: tags 860869 + pending Control: tags 896069 + pending Dear maintainer, I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Great, Thanks a lot! You need not delay it at all - please feel free to drop the delay. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private pgp0WiaWCni2W.pgp Description: PGP signature
Processing of ghostscript_9.22~dfsg-2.1_multi.changes
ghostscript_9.22~dfsg-2.1_multi.changes uploaded successfully to localhost along with the files: ghostscript_9.22~dfsg-2.1.dsc ghostscript_9.22~dfsg-2.1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#860869: ghostscript: diff for NMU version 9.22~dfsg-2.1
Control: tags 860869 + patch Control: tags 860869 + pending Control: tags 896069 + pending Dear maintainer, I've prepared an NMU for ghostscript (versioned as 9.22~dfsg-2.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards, Salvatore diff -Nru ghostscript-9.22~dfsg/debian/changelog ghostscript-9.22~dfsg/debian/changelog --- ghostscript-9.22~dfsg/debian/changelog 2018-02-10 17:41:31.0 +0100 +++ ghostscript-9.22~dfsg/debian/changelog 2018-04-20 12:28:29.0 +0200 @@ -1,3 +1,13 @@ +ghostscript (9.22~dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) +(Closes: #860869) + * pdfwrite - Guard against trying to output an infinite number +(CVE-2018-10194) (Closes: #896069) + + -- Salvatore Bonaccorso Fri, 20 Apr 2018 12:28:29 +0200 + ghostscript (9.22~dfsg-2) unstable; urgency=medium * Update Vcs-* fields for the move to salsa.d.o diff -Nru ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch --- ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch 1970-01-01 01:00:00.0 +0100 +++ ghostscript-9.22~dfsg/debian/patches/0001-Fix-bug-697459-Buffer-overflow-in-fill_threshold_buf.patch 2018-04-20 12:28:29.0 +0200 @@ -0,0 +1,78 @@ +From: Ray Johnston +Date: Tue, 21 Nov 2017 12:48:54 -0800 +Subject: Fix bug 697459 Buffer overflow in fill_threshold_buffer +Origin: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4 +Bug-Debian: https://bugs.debian.org/860869 +Bug: https://bugs.ghostscript.com/show_bug.cgi?id=697459 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-10317 + +There was an overflow check for ht_buffer size, but none for the larger +threshold_buffer. Note that this file didn't fail on Windows because the +combination of the ht_buffer and the size of the (miscalculated due to +overflow) threshold_buffer would have exceeded the 2Gb limit. +--- + base/gxht_thresh.c | 13 ++--- + base/gxipixel.c| 2 +- + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/base/gxht_thresh.c b/base/gxht_thresh.c +index 3fb840213..726861685 100644 +--- a/base/gxht_thresh.c b/base/gxht_thresh.c +@@ -711,7 +711,9 @@ gxht_thresh_image_init(gx_image_enum *penum) +space */ + max_height = (int) ceil(fixed2float(any_abs(penum->dst_height)) / + (float) penum->Height); +-if ((max_height > 0) && (penum->ht_stride * spp_out > max_int / max_height)) ++if (max_height <= 0) ++return -1; /* shouldn't happen, but check so we don't div by zero */ ++if (penum->ht_stride * spp_out > max_int / max_height) + return -1; /* overflow */ + + penum->ht_buffer = +@@ -734,6 +736,11 @@ gxht_thresh_image_init(gx_image_enum *penum) +Also allow a 15 sample over run during the execution. */ + temp = (int) ceil((float) ((dev_width + 15.0) + 15.0)/16.0); + penum->line_size = bitmap_raster(temp * 16 * 8); /* The stride */ ++if (penum->line_size > max_int / max_height) { ++gs_free_object(penum->memory, penum->ht_buffer, "gxht_thresh"); ++penum->ht_buffer = NULL; ++return -1; /* thresh_buffer size overflow */ ++} + penum->line = gs_alloc_bytes(penum->memory, penum->line_size * spp_out, + "gxht_thresh"); + penum->thresh_buffer = gs_alloc_bytes(penum->memory, +@@ -754,7 +761,7 @@ gxht_thresh_image_init(gx_image_enum *penum) + } + + static void +-fill_threshhold_buffer(byte *dest_strip, byte *src_strip, int src_width, ++fill_threshold_buffer(byte *dest_strip, byte *src_strip, int src_width, +int left_offset, int left_width, int num_tiles, +int right_width) + { +@@ -908,7 +915,7 @@ gxht_thresh_planes(gx_image_enum *penum, fixed xrun, +to update with stride */ + position = contone_stride * k; + /* Tile into the 128 bit aligned threshold strip */ +-fill_threshhold_buffer(&(thresh_align[position]), ++fill_threshold_buffer(&(thresh_align[position]), +thresh_tile, thresh_width, dx, left_width, +num_full_tiles, right_tile_width); + } +diff --git a/base/gxipixel.c b/base/gxipixel.c +index edd40c52d..cb4f02a09 100644 +--- a/base/gxipixel.c b/base/gxipixel.c +@@ -758,7 +758,7 @@ gx_image_enum_begin(gx_device * dev, const gs_gstate * pgs, + penum->memory = mem; + penum->buffer = buffer; + penum->buf
Processed: ghostscript: diff for NMU version 9.22~dfsg-2.1
Processing control commands: > tags 860869 + patch Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Added tag(s) patch. > tags 860869 + pending Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Added tag(s) pending. > tags 896069 + pending Bug #896069 [src:ghostscript] ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf Added tag(s) pending. -- 860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869 896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: ghostscript: diff for NMU version 9.22~dfsg-2.1
Processing control commands: > tags 860869 + patch Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Ignoring request to alter tags of bug #860869 to the same tags previously set > tags 860869 + pending Bug #860869 [src:ghostscript] ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function Ignoring request to alter tags of bug #860869 to the same tags previously set > tags 896069 + pending Bug #896069 [src:ghostscript] ghostscript: CVE-2018-10194: Buffer overflow on pprintg1 due to mishandle postscript file data to pdf Ignoring request to alter tags of bug #896069 to the same tags previously set -- 860869: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860869 896069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 869879
Processing commands for cont...@bugs.debian.org: > close 869879 9.22~dfsg-1 Bug #869879 [src:ghostscript] ghostscript: CVE-2017-9610 CVE-2017-9618 CVE-2017-9619 CVE-2017-9620 CVE-2017-9740 Marked as fixed in versions ghostscript/9.22~dfsg-1. Bug #869879 [src:ghostscript] ghostscript: CVE-2017-9610 CVE-2017-9618 CVE-2017-9619 CVE-2017-9620 CVE-2017-9740 Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 869879: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869879 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems