Bug#858350: ghostscript: CVE-2017-7207

2017-03-23 Thread Jonas Smedegaard
Hi Salvatore,

Quoting Salvatore Bonaccorso (2017-03-23 21:25:33)
> Thanks for fixing CVE-2017-7207 in unstable. Can you ask as well 
> release team for an unblock, so that the fix goes to stretch?

Yes, I will try...


> Btw, there was a wrong bug closer for this bug (using the upstream bug 
> number instead), thus closed this one manually.

Ah, that's what happened.  I did notice your closing the bug I believed 
to already be closed.  Sorry for that!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature


Bug#858350: ghostscript: CVE-2017-7207

2017-03-23 Thread Salvatore Bonaccorso
hi Jonas

Thanks for fixing CVE-2017-7207 in unstable. Can you ask as well
release team for an unblock, so that the fix goes to stretch?

Btw, there was a wrong bug closer for this bug (using the upstream bug
number instead), thus closed this one manually.

Regards,
Salvatore



Bug#858350: ghostscript: CVE-2017-7207

2017-03-21 Thread Salvatore Bonaccorso
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697676

Hi,

the following vulnerability was published for ghostscript.

CVE-2017-7207[0]:
| The mem_get_bits_rectangle function in Artifex Software, Inc.
| Ghostscript 9.20 allows remote attackers to cause a denial of service
| (NULL pointer dereference) via a crafted PostScript document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7207

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore