Hi,
On Fri, Sep 27, 2024 at 07:37:03AM +0200, Salvatore Bonaccorso wrote:
> Source: cups-filters
> Version: 1.28.17-3
> Severity: grave
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
>
> Hi,
>
> The following vulnerability
Source: cups-filters
Version: 1.28.17-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2024-47177[0]:
| CUPS is a standards-based, open-source printing system, and cups-
| filters
Source: libcupsfilters
Version: 2.0.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for libcupsfilters.
CVE-2024-47076[0]:
| CUPS is a standards-based, open-source printing system, and
| `libcups
Source: cups-filters
Version: 1.28.17-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2024-47176[0]:
| CUPS is a standards-based, open-source printing system, and `cups-
| browsed
Source: cups
Version: 2.4.7-1.2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2024-35235[0]:
| OpenPrinting CUPS is an open source printing system for Linux and
| other Unix-like oper
Source: jbig2dec
Version: 0.19-1
Severity: normal
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=707308
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for jbig2dec.
CVE-2023-46361[0]:
| Artifex Software jbig2d
Source: cups
Version: 2.4.2-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2023-32360[0]:
| An authentication issue was addressed with improved state
| management. This issue is fixed in
Source: cups
Version: 2.4.2-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups.
CVE-2023-34241[0]:
| use-after-free in cupsdAcceptClient()
If you fix the vulnerability please also make sure to
Source: cpdb-libs
Version: 1.2.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cpdb-libs.
CVE-2023-34095[0]:
| cpdb-libs provides frontend and backend libraries for the Common
| Printing Dial
Source: cups-filters
Version: 1.28.17-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for cups-filters.
CVE-2023-24805[0]:
| RCE in cups-filters, beh CUPS backend
If
Source: ippsample
Version: 0.0~git20220607.72f89b3-1
Severity: normal
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ippsample.
CVE-2023-28428[0]:
| PDFio is a C library for reading and writing PDF files. In versio
Source: cups
Version: 2.4.1op1-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Control: found -1 2.3.3op2-3+deb11u1
Control: found -1 2.3.3op2-3
Control: found -1 2.2.10-6+deb10u5
Control: found -1 2.2.10-6
Control: fixed -1 2.3.3op2-3+deb11u2
Contro
Hi Jonas,
On Thu, Sep 09, 2021 at 09:16:22PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2021-09-09 20:43:30)
> > Hi Jonas,
> >
> > On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote:
> > > Hi Salvatore,
> > >
> > >
Hi Jonas,
On Thu, Sep 09, 2021 at 08:09:42PM +0200, Jonas Smedegaard wrote:
> Hi Salvatore,
>
> Quoting Salvatore Bonaccorso (2021-09-09 19:20:08)
> > The following vulnerability was published for ghostscript.
> >
> > CVE-2021-3781[0].
>
> I have prepared a pac
Source: ghostscript
Version: 9.53.3~dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=704342
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for ghostscript.
Source: cups
Version: 2.3.0-7
Severity: important
Tags: security upstream
Control: found -1 2.2.10-6+deb10u1
Control: found -1 2.2.1-8+deb9u2
Control: found -1 2.2.1-8+deb9u4
Control: found -1 2.2.1-8
Hi,
The following vulnerability was published for cups.
CVE-2019-2228[0]:
| In array_find of ar
Hi Jonas,
On Mon, Nov 18, 2019 at 10:34:17PM +0100, Jonas Smedegaard wrote:
> Control: severity -1 important
>
> Quoting Salvatore Bonaccorso (2019-11-14 22:47:49)
> > Source: ghostscript
> > Version: 9.50~dfsg-2
> > Severity: grave
> > Tags: security upstream
Source: ghostscript
Version: 9.50~dfsg-2
Severity: grave
Tags: security upstream
Control: found -1 9.26a~dfsg-0+deb9u5
Control: found -1 9.26a~dfsg-0+deb9u1
Control: found -1 9.27~dfsg-2+deb10u2
Control: found -1 9.27~dfsg-1
Control: found -1 9.27~dfsg-3.1
Control: fixed -1 9.26a~dfsg-0+deb9u6
Cont
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
Filing for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.
Regar
08-13 09:49:11.0 +0200
@@ -1,3 +1,11 @@
+ghostscript (9.27~dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload (with maintainers approval).
+ * protect use of .forceput with executeonly (CVE-2019-10216)
+(Closes: #934638)
+
+ -- Salvatore Bonaccorso Tue, 13 Aug 2019 09:
Source: ghostscript
Version: 9.27~dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=701394
Control: found -1 9.27~dfsg-2
Control: found -1 9.26a~dfsg-0+deb9u2
Control: found -1 9.26a~dfsg-0+deb9u3
Control: found
Source: cups
Version: 2.2.10-1
Severity: minor
Hi
There was confusion and typo on one CVE id for a CVE-2018-4300. See
https://github.com/apple/cups/issues/5561 for details (the CVE id was
later on as well fixed retrospectively upstream in NEWS/changelogs).
To avoid confusions, and if this fits
reassign 928952 src:cups-filters
forcemerge 928936 928952
close 928936 1.21.6-5
close 928936 1.22.5-1
thanks
Hi Paul,
On Mon, May 13, 2019 at 10:21:21PM +0200, Paul van der Vlis wrote:
> Package: ghostscript
> Version: 9.26a~dfsg-0+deb9u3
>
>
> After doing the Ghostscript upgrade from 9.26a~dfsg-0+deb9u2 to
> 9.26a~dfsg-0+deb9u3 cups did not print anymore at a customer PC.
> Downgrading the ghostscript
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3835[0]:
superexec operator is available
If you fix the vulnerability
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700576
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3838[0]:
forceput in DefineResource is st
Source: cups
Version: 2.2.9-4
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for cups.
CVE-2018-4700[0]:
Linux session cookies used a predictable random number seed
If you fix the vulnerability please also make sure to include the
CVE (Common Vul
Source: ghostscript
Version: 9.26~dfsg-1
Severity: serious
Tags: patch upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700315
Control: found -1 9.26~dfsg-0+deb9u1
Control: affects -1 release.debian.org,security.debian.org
Hi
There is a regression reporte
Source: ghostscript
Version: 9.22~dfsg-1
Severity: important
Tags: patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700023
Hi
In 9.22rc1 upstream there was a regression introduced in 9.22rc1
causing that for instance all the papersize with define "LeadingEdge"
can't print su
Source: ghostscript
Version: 9.20~dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699963
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18284[0]:
1Policy operator gives access to .forceput
If you fix the vulne
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699927
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18073[0]:
saved execution stacks can leak operator arrays
If you fix the
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-17961[0]:
ghostscript: bypassing executeonly to escape -dSAFER sandbox
If you fix the vulnerability pl
Hi,
Further datapoint: This regressed already in the 9.20~dfsg-3.2+deb9u4
version, so it's not going to be the same issue as #909929.
Unstable's version (9.25~dfsg-2) looks good as well.
Regards,
Salvatore
Source: ghostscript
Version: 9.20~dfsg-3.2+deb9u5
Severity: important
Tags: upstream
Control: found -1 9.25~dfsg-1~exp1
Control: found -1 9.25~dfsg-1
Control: affects -1 + security.debian.org
Control: affects -1 + release.debian.org
A user reported a further regression with ghostscript after the l
Hi Markus,
On Sat, Sep 29, 2018 at 03:06:04PM +0200, Markus Koschany wrote:
> I have tried some of those commits:
>
> http://git.ghostscript.com/?p=ghostpdl.git&a=search&h=HEAD&st=commit&s=txtwrite
>
> This one adds even more whitespace and moves the 1 character further to
> the right.
>
> http
Hi,
Further tests and comparisons make me confident that with
cc746214644deacd5233a1453ce660573af09443 needed the output of stretch
aligns to the one produced in unstable's ghostscript (9.25~dfsg-2).
There is still the output changes produces, which might impact
(build)-rdepends, so we might need
Hi Markus,
On Thu, Sep 27, 2018 at 10:33:06PM +0200, Markus Koschany wrote:
> Hi,
>
> I believe I have found the solution to this problem. Apparently they
> changed the underlying device for ps2ascii to txtwrite last year.
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2fa6beaa40144c5
Hi
FTR, I tried to bisect the issue, by using commits between 9.20 and
9.21 upstream and applying on top each
fb713b3818b52d8a6cf62c951eba2e1795ff9624 . Due to a possibly unrelated
bug, some of the commits cause "empty" outputs, so I had to skip those
all. The resulting git bisect is
git bisect s
hi,
On Tue, Sep 18, 2018 at 09:58:10AM +0200, Mattia Rizzolo wrote:
> Package: ghostscript
> Version: 9.20~dfsg-3.2+deb9u5
> Severity: serious
> X-Debbugs-CC: t...@security.debian.org, Moritz Mühlenhoff ,
> reproducible-bui...@lists.alioth.debian.org
> Control: affects -1 diffoscope
>
> Dear mai
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699663
Control: fixed -1 9.20~dfsg-3.2+deb9u3
Hi,
The following vulnerability was published for ghostscript.
CVE-2018
hi,
On Sat, Sep 08, 2018 at 10:52:36AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> > (which might require
> > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699671
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-16510[0]:
| An issue was discovered in A
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699670
Control: fixed -1 9.20~dfsg-3.2+deb9u4
Hi,
The following vulnerability was published for ghostscript.
CVE-2018
Hi,
On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> (which might require
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3439399a5c
> as well).
Scratch that, that is just a fix for a further issue, namely
CVE-2018-16543
Source: ghostscript
Version: 9.22~dfsg-3
Severity: serious
Tags: patch upstream
Justification: regression
Hi
It was reported a regression while testing the security update, which
resulted in the increment to +deb9u4, which included the fix. The
regression was spotted while
http://git.ghostscript.
Control: retitle -1 ghostscript: CVE-2018-16509
Hi
The full set for the now assigned CVE-2018-16509 is actually:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Control: found -1 9.20~dfsg-1
There is one more followup fix needed:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=79cccf641486
https://bugs.ghostscript.com/show_bug.cgi?id=699654
Decoupling this f
Hi,
On Mon, Aug 27, 2018 at 08:34:25PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2018-08-26 21:55:14)
> > Hi,
> >
> > On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> > > Tavis Ormandy disclosed a new ghostscript se
Hi,
On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> Tavis Ormandy disclosed a new ghostscript security issue, leading directly to
> code
> execution: http://openwall.com/lists/oss-security/2018/08/21/2
There are actually several issues, see the whole thread. For now since
Source: cups
Version: 2.2.1-8
Severity: serious
Tags: patch security
Control: fixed -1 2.2.1-8+deb9u2
Hi,
I'm filing this with severity serious, as it indicates a regression
from stable, given the issue was fixed already via DSA-4243-1 in
2.2.1-8+deb9u2.
CVE-2018-6553[0]:
AppArmor profile issue
Hi Jonas,
On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote:
> Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> > Control: tags 860869 + patch
> > Control: tags 860869 + pending
> > Control: tags 896069 + pending
> >
> > Dear maintainer,
> >
> > I've prepa
gency=medium
+
+ * Non-maintainer upload.
+ * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
+(Closes: #860869)
+ * pdfwrite - Guard against trying to output an infinite number
+(CVE-2018-10194) (Closes: #896069)
+
+ -- Salvatore Bonaccorso Fri, 20 Apr 2018 12:28:29 +0200
+
ghosts
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-10194[0]:
| The set_text_distance function in devices/vector/gdevpdts.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698158
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-11714[0]:
| psi/ztoken.c in Artifex Ghostscript 9.21 mishan
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698026
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9612[0]:
| The Ins_IP function in base/ttinterp.c in Ar
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698024
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9611[0]:
| The Ins_MIRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698055
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9726[0]:
| The Ins_MDRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698056
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9727[0]:
| The gx_ttfReader__Read function in base/gxtt
Source: ghostscript
Version: 9.06~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698063
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9739[0]:
| The Ins_JMPR function in base/ttinterp.c in
Source: ghostscript
Version: 9.21~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697985
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9835[0]:
| The gs_alloc_ref_array function in psi/iallo
Source: ghostscript
Version: 9.21~dfsg-1
Severity: normal
Tags: security patch upstream
Hi,
the following vulnerabilities were published for ghostscript. Note,
I'm collecting those in one bug, because they are currently
unimportant for Debian as xps/ not used during build. But it would be
nice to
Control: tags -1 + fixed-upstream
On Wed, May 24, 2017 at 08:40:44PM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-1
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934
>
> Hi,
>
>
Source: jbig2dec
Version: 0.13-1
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-9216[0]:
| libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
| Ghostscript,
Hi Jonas,
On Sun, May 21, 2017 at 09:17:12PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2017-05-21 19:37:55)
> > I've prepared an NMU for ghostscript (versioned as 9.20~dfsg-3.2) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I should
n error. (Closes: #862779)
+
+ -- Salvatore Bonaccorso Sun, 21 May 2017 19:22:52 +0200
+
ghostscript (9.20~dfsg-3.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch
--- gho
FTR, "reproducer"
$ pstoedit -f plot-svg foo.pdf foo.svg -dt -ssp -psarg -r9600x9600 -pta
Regards,
Salvatore
Package: ghostscript
Version: 9.20~dfsg-3.1
Severity: serious
Tags: patch security upstream fixed-upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697846
Hi
The update in unstable for ghostscript breaks pstoedit when using
DELAYBIND feature.
Details: htt
-7976)
+(Closes: #860787)
+
+ -- Salvatore Bonaccorso Tue, 16 May 2017 20:08:21 +0200
+
jbig2dec (0.13-4) unstable; urgency=medium
* Add patches cherry-picked upstream to squash signed/unsigned
diff -Nru jbig2dec-0.13/debian/patches/020170426~5e57e48.patch jbig2dec-0.13/debian/patches/0201
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:12:01AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
> Control: found -1 0.1
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:15:29AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
> Control: found -1 0.1
Control: tags -1 + fixed-upstream
Hi
there is now a commit upstream for this issue:
Fixed in
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
Regards,
Salvatore
694)
+ * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
+(Closes: #859666)
+ * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
+(Closes: #859662)
+
+ -- Salvatore Bonaccorso Fri, 28 Apr 2017 06:50:05 +0200
+
ghostscript (9.20~dfsg-3) unstable; urgency=medium
Hi
Upstream commits are now available:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
Regards,
Salvatore
SuSE has captured the initial report including a reproducer to verify
the issue (and verify the fix upstream once landed there):
https://bugzilla.suse.com/show_bug.cgi?id=1036453
Regards,
Salvatore
On Thu, Apr 27, 2017 at 07:03:05AM +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808
FTR, the bug has been restricted in meanwhile, but did contain a
reproducer to demonstrate the issue.
Regards,
Salvatore
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-8291[0]:
| Artifex Ghostscript through 2017-04
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Art
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7975[0]:
| Artifex jbig2dec 0.13, as used in Ghostscrip
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7976[0]:
| Artifex jbig2dec 0.13 allows out-of-bounds w
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697703
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7885[0]:
| Artifex jbig2dec 0.13 has a heap-based buffe
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-5951[0]:
| The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10220[0]:
| The gs_makewordimagedevice function in base/gsdevmem.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attacke
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: security patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10219[0]:
| The intersect function in base/gxfill.c in Artifex Softwar
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697456
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10217[0]:
| The pdf14_open function in base/gdevp14.c in Artifex Software, I
hi Jonas
Thanks for fixing CVE-2017-7207 in unstable. Can you ask as well
release team for an unblock, so that the fix goes to stretch?
Btw, there was a wrong bug closer for this bug (using the upstream bug
number instead), thus closed this one manually.
Regards,
Salvatore
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697676
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-7207[0]:
| The mem_get_bits_rectangle function in Artifex Software, In
Control: notfound -1 9.06~dfsg-2
Control: notfound -1 9.20~dfsg-2
Hi
After some more investigation I suspect the issue actually was only
introduced with
http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
and indeed applying that commit on top of the sid packagi
+++ ghostscript-9.20~dfsg/debian/changelog 2017-02-26 21:03:15.0
+0100
@@ -1,3 +1,11 @@
+ghostscript (9.20~dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Resolve image enumerator ownership on error (CVE-2017-6196)
+(Closes: #856142)
+
+ -- Salvatore Bonaccorso
Control: tags -1 + fixed-upstream
Hi
According to https://bugs.ghostscript.com/show_bug.cgi?id=697457#c7
this is fixed in the git repository for jbig2dec.
Regards,
Salvatore
Source: jbig2dec
Version: 0.13-3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for jbig2dec.
NOTE: Actually not much has been published yet. There is an upstream
bugreport at [1], so I am opening this bug in the Debian BTS to help
tracking the issue. Ther
Hi
I now have uploaded the version (see previously sent debdiff) to
security master and will release the regression update once all archs
have build the packages.
Regards,
Salvatore
On Thu, Oct 27, 2016 at 08:54:39PM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> > On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
> >
> > [...]
> > > On Thu, Oct 27, 2016 at 09:50:02AM -
Hi Francesco,
On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> > > Is your plan to release this as a -2
Hi Roberto,
On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> Is your plan to release this as a -2 regression update to the previous
> DSA? I assume that is what you plan to do, but I wanted to confirm to
> be certain.
Yes exactly, that's the plan. I would still like to hear
Hi,
On Thu, Oct 27, 2016 at 12:53:56PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> > On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > > On Thu, Oct 27, 2016 at 06:31:43AM -0400,
Hi
On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote:
> > > On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> > > >
>
Hi Edgar,
On Thu, Oct 27, 2016 at 10:01:53AM +0200, Edgar Fuß wrote:
> The problem is line 2011 in
> /usr/share/ghostscript/9.05/Resource/Init/gs_init.ps:
> systemdict /getenv {pop //false} put
> change that to
> systemdict /getenv {pop //false} .forceput
> (gs-commits 99e331527d541a8
Hi,
On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 26, 2016 at 11:09:54PM -0400, Roberto C. Sánchez wrote:
> > On Tue, Oct 25, 2016 at 09:54:01PM +0200, Salvatore Bonaccorso wrote:
> > > Hi Roberto
> > >
> > > Could you doub
Hi Roberto
Could you double-check/confirm if you see the same
https://bugs.debian.org/840691 in wheezy? Note although the bug is
still assigned to ghostscript I think the problem uncovered is
actually in libspectre as noted in the bug log. But I wonder if you
see the same issues in wheezy now that
Hi Francesco,
On Fri, Oct 14, 2016 at 10:56:57PM +0200, Francesco Poli wrote:
> On Fri, 14 Oct 2016 06:47:47 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > Hi Francesco,
>
> Hello Salvatore, thanks for your fast reply!
>
> >
> > On Thu, Oct 13, 2016
1 - 100 of 119 matches