Processing control commands:
> notfound -1 9.06~dfsg-2
Bug #856142 [ghostscript] ghostscript: CVE-2017-6196
No longer marked as found in versions ghostscript/9.06~dfsg-2.
> notfound -1 9.20~dfsg-2
Bug #856142 [ghostscript] ghostscript: CVE-2017-6196
No longer marked as found in versions ghostscrip
Control: notfound -1 9.06~dfsg-2
Control: notfound -1 9.20~dfsg-2
Hi
After some more investigation I suspect the issue actually was only
introduced with
http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
and indeed applying that commit on top of the sid packagi
Control: tags -1 + patch
Attached proposed debdiff (not yet uploaded, neither to a delayed
queue).
Regards,
Salvatore
diff -Nru ghostscript-9.20~dfsg/debian/changelog
ghostscript-9.20~dfsg/debian/changelog
--- ghostscript-9.20~dfsg/debian/changelog 2017-01-25 05:26:10.0
+0100
+++ g
Processing control commands:
> tags -1 + patch
Bug #856142 [ghostscript] ghostscript: CVE-2017-6196
Added tag(s) patch.
--
856142: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Package: ghostscript
Severity: important
Tags: security
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-6196[0]:
| Multiple use-after-free vulnerabilities in the gx_image_enum_begin
| function in base/gxipixel.c in Ghostscript before
| ecceafe3abba2714ef9b432035fe0739d9b
