Source: ghostscript Version: 9.20~dfsg-3.2+deb9u5 Severity: important Tags: upstream Control: found -1 9.25~dfsg-1~exp1 Control: found -1 9.25~dfsg-1 Control: affects -1 + security.debian.org Control: affects -1 + release.debian.org
A user reported a further regression with ghostscript after the last round of security-fixes, reported upstream as [1]. With the second.eps[2], ghostscript regresses as: > $ ./bin/gs -q -dSAFER -sDEVICE=nullpage -sOutputFile=/dev/null -dNOPAUSE > ~/second.eps -c quit > Error: /nocurrentpoint in --currentpoint-- > Operand stack: > > Execution stack: > %interp_exit .runexec2 --nostringval-- --nostringval-- > --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- > --nostringval-- false 1 %stopped_push 2015 1 3 %oparray_pop > 2014 1 3 %oparray_pop --nostringval-- 1998 1 3 %oparray_pop > 1884 1 3 %oparray_pop --nostringval-- %errorexec_pop .runexec2 > --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push > --nostringval-- --nostringval-- > Dictionary stack: > --dict:966/1684(ro)(G)-- --dict:0/20(G)-- --dict:82/200(L)-- > --dict:12/20(L)-- > Current allocation mode is local > Last OS error: No such file or directory > Current file position is 774 > GPL Ghostscript GIT PRERELEASE 9.25: Unrecoverable error, exit code 1 The issue is present upstream (as well in master), and bisect shows that it can be tracked down to upstream commit fb713b3818b52d8a6cf62c951eba2e1795ff9624 to address CVE-2018-17183. (details in reported upstream bug). Regards, Salvatore [1] https://bugs.ghostscript.com/show_bug.cgi?id=699832 [2] https://bugs.ghostscript.com/attachment.cgi?id=15708
second.eps
Description: PostScript document
