Bug#994011: ghostscript: CVE-2021-3781
Hi Jonas, On Thu, Sep 09, 2021 at 09:16:22PM +0200, Jonas Smedegaard wrote: > Quoting Salvatore Bonaccorso (2021-09-09 20:43:30) > > Hi Jonas, > > > > On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote: > > > Hi Salvatore, > > > > > > Quoting Salvatore Bonaccorso (2021-09-09 19:20:08) > > > > The following vulnerability was published for ghostscript. > > > > > > > > CVE-2021-3781[0]. > > > > > > I have prepared a package fixing this issue, available at > > > https://salsa.debian.org/printing-team/ghostscript/-/tree/debian/bullseye > > > > > > Please tell how I should proceed with it - or feel free to proceed > > > yourself from here. > > > > I did actually already uploaded earlier today to the embargoed queues, > > waiting for the builds of mips64el and s390x yet, but then hope to > > release the DSA soon. > > Excellent! DSA 4972-1 released for it. Regards, Salvatore
Bug#994011: ghostscript: CVE-2021-3781
Hi Jonas, On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote: > Hi Salvatore, > > Quoting Salvatore Bonaccorso (2021-09-09 19:20:08) > > The following vulnerability was published for ghostscript. > > > > CVE-2021-3781[0]. > > I have prepared a package fixing this issue, available at > https://salsa.debian.org/printing-team/ghostscript/-/tree/debian/bullseye > > Please tell how I should proceed with it - or feel free to proceed > yourself from here. I did actually already uploaded earlier today to the embargoed queues, waiting for the builds of mips64el and s390x yet, but then hope to release the DSA soon. Regards, Salvatore
Bug#994011: ghostscript: CVE-2021-3781
Hi Salvatore, Quoting Salvatore Bonaccorso (2021-09-09 19:20:08) > The following vulnerability was published for ghostscript. > > CVE-2021-3781[0]. I have prepared a package fixing this issue, available at https://salsa.debian.org/printing-team/ghostscript/-/tree/debian/bullseye Please tell how I should proceed with it - or feel free to proceed yourself from here. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#994011: ghostscript: CVE-2021-3781
Source: ghostscript Version: 9.53.3~dfsg-7 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=704342 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for ghostscript. CVE-2021-3781[0]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-3781 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3781 [1] https://bugs.ghostscript.com/show_bug.cgi?id=704342 (not public yet) [2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde Regards, Salvatore