Hi,
uploading a 0-day NMU to fix this as the maintainer is 
listed in the LowThresholdNmu list.

Attached is the patch to fix this.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/ghostscript-8.61.dfsg.1-1_8.61.dfsg.1-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u ghostscript-8.61.dfsg.1/debian/changelog ghostscript-8.61.dfsg.1/debian/changelog
--- ghostscript-8.61.dfsg.1/debian/changelog
+++ ghostscript-8.61.dfsg.1/debian/changelog
@@ -1,3 +1,13 @@
+ghostscript (8.61.dfsg.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by security team.
+  * Fix stack based buffer overflow in the zseticcspace() function possibly
+    leading to arbitrary code exeuction via a crafted ps file.
+    (31_CVE-2008-0411.dpatch; Closes: #468190).
+  * Adjusting libgs shlibs file to match the new version number.
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Sat, 01 Mar 2008 11:18:27 +0100
+
 ghostscript (8.61.dfsg.1-1) unstable; urgency=low
 
   [Masayuki Hatta]
diff -u ghostscript-8.61.dfsg.1/debian/patches/00list ghostscript-8.61.dfsg.1/debian/patches/00list
--- ghostscript-8.61.dfsg.1/debian/patches/00list
+++ ghostscript-8.61.dfsg.1/debian/patches/00list
@@ -20 +20 @@
-
+31_CVE-2008-0411.dpatch
diff -u ghostscript-8.61.dfsg.1/debian/libgs8.shlibs ghostscript-8.61.dfsg.1/debian/libgs8.shlibs
--- ghostscript-8.61.dfsg.1/debian/libgs8.shlibs
+++ ghostscript-8.61.dfsg.1/debian/libgs8.shlibs
@@ -1 +1 @@
-libgs 8 libgs8 (= 8.61.dfsg.1-1)
+libgs 8 libgs8 (= 8.61.dfsg.1-1.1)
only in patch2:
unchanged:
--- ghostscript-8.61.dfsg.1.orig/debian/patches/31_CVE-2008-0411.dpatch
+++ ghostscript-8.61.dfsg.1/debian/patches/31_CVE-2008-0411.dpatch
@@ -0,0 +1,20 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 31_CVE-2008-0411.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for CVE-2008-0411
+
[EMAIL PROTECTED]@
+diff -urNad ghostscript-8.61.dfsg.1~/src/zicc.c ghostscript-8.61.dfsg.1/src/zicc.c
+--- ghostscript-8.61.dfsg.1~/src/zicc.c	2007-09-25 15:31:24.000000000 +0200
++++ ghostscript-8.61.dfsg.1/src/zicc.c	2008-03-01 11:17:18.000000000 +0100
+@@ -77,6 +77,9 @@
+     dict_find_string(op, "N", &pnval);
+     ncomps = pnval->value.intval;
+ 
++    if (2*ncomps > sizeof(range_buff)/sizeof(float))
++    return_error(e_rangecheck);
++
+     /* verify the DataSource entry */
+     if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+         return_error(e_undefined);

Attachment: pgpDIGvul9Xaw.pgp
Description: PGP signature

Reply via email to