Your message dated Tue, 01 Apr 2014 10:21:49 +0000
with message-id <e1wuvpf-000330...@franck.debian.org>
and subject line Bug#742902: fixed in a2ps 1:4.14-1.3
has caused the Debian Bug report #742902,
regarding a2ps: CVE-2014-0466: does not invoke gs with -dSAFER
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
742902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: a2ps
Version: 1:4.14-1.2
Severity: grave
Tags: security
fixps does not invoke gs with -dSAFER. As a consequence, a malicious
PostScript file could delete files with the privileges of the invoking
user.
I have provided a test script that can be invoked as such:
./test-wrapper-fixps fixps
This was reported to the Debian Security Team, who assigned this
CVE-2014-0466. It was also reported to upstream, who has not provided
an update or issued a fixed version. This is being reported publicly as
over 45 days has elapsed and neither upstream nor the security team has
requested a delay or issued an advisory.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-rc7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages a2ps depends on:
ii file 1:5.17-1
ii libc6 2.18-4
ii libpaper1 1.1.24+nmu2
ii psutils 1.17.dfsg-1
Versions of packages a2ps recommends:
ii bzip2 1.0.6-5
ii cups-bsd [lpr] 1.7.1-10
ii wdiff 1.2.1-2
Versions of packages a2ps suggests:
pn emacsen-common <none>
ii ghostscript 9.05~dfsg-8+b1
ii groff 1.22.2-5
pn gv <none>
pn html2ps <none>
ii imagemagick 8:6.7.7.10+dfsg-1
pn t1-cyrillic <none>
ii texlive-binaries [texlive-base-bin] 2013.20130729.30972-2+b2
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
#!/bin/sh
# test-wrapper: test if a program is running gs without -dSAFER
#
# Usage: test-wrapper program --option --option2
TEMPDIR=$(mktemp -d)
[ -n "$TEMPDIR" ] || exit 1
# Marker file; the PostScript document below asks gs to delete it.
touch "$TEMPDIR/remove-me"
# Build the test document. The heredoc is unquoted so $TEMPDIR expands;
# the %%Pages comment is stripped so the program has to hand the file to gs.
groff -Tps <<EOM | sed -e '/%%Pages/d' >"$TEMPDIR/exploit.ps"
Text
\X'ps: exec ($TEMPDIR/remove-me) deletefile'
More text.
EOM
# Run the program under test on the document.
"$@" "$TEMPDIR/exploit.ps" >/dev/null
# With -dSAFER, deletefile is refused and the marker survives.
if [ -e "$TEMPDIR/remove-me" ]
then
    printf "Program is not vulnerable.\n"
else
    printf "Program is VULNERABLE!\n"
fi
rm -r -- "$TEMPDIR"
--- End Message ---
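The report above describes a wrapper script that hands an untrusted PostScript file to gs without -dSAFER. The following is an added example, not code from the a2ps package or from the bug report: a small POSIX sh audit that flags gs invocations lacking -dSAFER in a wrapper script, next to a hardened helper that always passes the flag first. The two sample wrappers it writes are constructed stand-ins for a fixps-style script, not the real fixps, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the a2ps package or from the bug report:
# audit shell wrappers for Ghostscript invocations that omit -dSAFER, and
# show the hardened form of the call. Assumes POSIX sh plus grep and
# mktemp; the two sample wrappers written below are constructed stand-ins,
# not the real fixps.

# safe_gs [GS-ARGS...]
# Run gs with -dSAFER placed first, so a caller cannot accidentally drop
# it. Under SAFER the deletefile and renamefile operators are disabled and
# file writes are restricted, which is what the CVE-2014-0466 test relied on.
safe_gs() {
    gs -dSAFER -dNOPAUSE -dBATCH "$@"
}

# gs_lacks_safer FILE
# Print every line of FILE that runs a command named gs without -dSAFER on
# the same line; return 0 if any such line exists, 1 otherwise. Caveat: an
# invocation split over several backslash-continued lines is not matched,
# so a clean result is evidence, not proof.
gs_lacks_safer() {
    grep -nE '(^|[^[:alnum:]_-])gs([[:space:]]|$)' "$1" | grep -v -- '-dSAFER'
}

# make_sample_wrappers DIR
# Write DIR/vulnerable.sh (gs without -dSAFER) and DIR/fixed.sh (with it).
make_sample_wrappers() {
    cat >"$1/vulnerable.sh" <<'EOF'
#!/bin/sh
# constructed stand-in for the unfixed wrapper: file operators are allowed
gs -q -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile=- "$1"
EOF
    cat >"$1/fixed.sh" <<'EOF'
#!/bin/sh
# constructed stand-in for the fixed wrapper: -dSAFER disables them
gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile=- "$1"
EOF
}

# Usage: audit-gs-safer.sh WRAPPER...   (hypothetical script name)
# Exits 1 if any named wrapper has an unsafe gs line, 0 otherwise.
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        if gs_lacks_safer "$f"; then
            echo "$f: gs invoked without -dSAFER" >&2
            status=1
        fi
    done
    exit "$status"
fi
```

Run it as `sh audit-gs-safer.sh /usr/bin/fixps` to check an installed wrapper. Note that Ghostscript 9.50 and later enable SAFER by default and only -dNOSAFER turns it off, so on current systems the line to look for in a wrapper is an explicit -dNOSAFER; the check above matters for the 9.05-era gs the report was filed against and for any wrapper that must work with older releases.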
--- Begin Message ---
Source: a2ps
Source-Version: 1:4.14-1.3
We believe that the bug you reported is fixed in the latest version of
a2ps, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated a2ps package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Mar 2014 09:09:07 +0200
Source: a2ps
Binary: a2ps
Architecture: source amd64
Version: 1:4.14-1.3
Distribution: unstable
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <mha...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
a2ps - GNU a2ps - 'Anything to PostScript' converter and pretty-printer
Closes: 742902
Changes:
a2ps (1:4.14-1.3) unstable; urgency=high
.
* Non-maintainer upload.
* Add CVE-2014-0466.diff patch.
CVE-2014-0466: fixps does not invoke gs with -dSAFER. A malicious
PostScript file could delete files with the privileges of the invoking
user.
Thanks to brian m. carlson <sand...@crustytoothpaste.net> (Closes: #742902)
Checksums-Sha1:
fa09dd2c0745f0a0871fc5d22615dded65676a5f 1836 a2ps_4.14-1.3.dsc
16d6b0abe0f00f0d68687216149b8bfb98dde08c 26544 a2ps_4.14-1.3.debian.tar.xz
5de4d649ff4b5a4658b935a61a81a73c0a45816b 631830 a2ps_4.14-1.3_amd64.deb
Checksums-Sha256:
c3648ba4a10c22beb5d8fe5b00ae3facea8a6bc43274d51c80c5cba9d9d9144e 1836 a2ps_4.14-1.3.dsc
abacda0083d79bd45d051d14a187d3af72ccc880ebe59b45a6dd51bbcb975f06 26544 a2ps_4.14-1.3.debian.tar.xz
e515392bebd3ccb8c6874128171a279b0f108f521ff1cf38352b98cb0819c320 631830 a2ps_4.14-1.3_amd64.deb
Files:
9c14d317505015b3128cc093b8e2c4a8 1836 text optional a2ps_4.14-1.3.dsc
cfd63b437bd3df22489dbe62dd4fa0f5 26544 text optional a2ps_4.14-1.3.debian.tar.xz
5951cb6c5aa9b01a0badd1fa473ed545 631830 text optional a2ps_4.14-1.3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

=UEBE
-----END PGP SIGNATURE-----
--- End Message ---