Your message dated Fri, 20 Aug 2010 20:05:40 +0000
with message-id <e1omxqo-0006ej...@franck.debian.org>
and subject line Bug#584516: fixed in ghostscript 8.62.dfsg.1-3.2lenny5
has caused the Debian Bug report #584516,
regarding CVE-2010-1628: allows context-dependent attackers to execute
arbitrary code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
584516: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584516
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ghostscript
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript.
CVE-2010-1628[0]:
| Ghostscript 8.64, 8.70, and possibly other versions allows
| context-dependent attackers to execute arbitrary code via a PostScript
| file containing unlimited recursive procedure invocations, which
| trigger memory corruption in the stack of the interpreter.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
http://security-tracker.debian.org/tracker/CVE-2010-1628
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwIu/0ACgkQNxpp46476aqSZwCgiYQSz4A8fTVRECgr8yK/+iot
FmwAnAwm+dN/IMETZLh76xRufiD6Z/xS
=+7ZU
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 8.62.dfsg.1-3.2lenny5
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive:
ghostscript-doc_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny5_all.deb
ghostscript-x_8.62.dfsg.1-3.2lenny5_i386.deb
to main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_i386.deb
ghostscript_8.62.dfsg.1-3.2lenny5.diff.gz
to main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.diff.gz
ghostscript_8.62.dfsg.1-3.2lenny5.dsc
to main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.dsc
ghostscript_8.62.dfsg.1-3.2lenny5_i386.deb
to main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_i386.deb
gs-aladdin_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny5_all.deb
gs-common_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny5_all.deb
gs-esp_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny5_all.deb
gs-gpl_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny5_all.deb
gs_8.62.dfsg.1-3.2lenny5_all.deb
to main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny5_all.deb
libgs-dev_8.62.dfsg.1-3.2lenny5_i386.deb
to main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_i386.deb
libgs8_8.62.dfsg.1-3.2lenny5_i386.deb
to main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 584...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 18 Aug 2010 12:35:45 +0200
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x ghostscript-doc libgs8 libgs-dev
Architecture: source all i386
Version: 8.62.dfsg.1-3.2lenny5
Distribution: stable-security
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mha...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
ghostscript - The GPL Ghostscript PostScript/PDF interpreter
ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
gs - Transitional package
gs-aladdin - Transitional package
gs-common - Dummy package depending on ghostscript
gs-esp - Transitional package
gs-gpl - Transitional package
libgs-dev - The Ghostscript PostScript Library - Development Files
libgs8 - The Ghostscript PostScript/PDF interpreter Library
Closes: 584516
Changes:
ghostscript (8.62.dfsg.1-3.2lenny5) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-4897: Buffer overflow in gs/psi/iscan.c allows remote
attackers to execute arbitrary code or cause a denial of service via a
crafted PDF document containing a long name.
* Fixed CVE-2010-1628: execute arbitrary code via a PostScript file
containing unlimited recursive procedure invocations, which trigger
memory corruption in the stack of the interpreter (Closes: #584516)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxrxdAACgkQNxpp46476apLzQCfbVTsJ35p2QswmRgLFt1YF5XY
kMUAnjU/nY8m9NSwSTMli2AOdzJKEfG5
=U3Hg
-----END PGP SIGNATURE-----
--- End Message ---