Bug#1033757: marked as done (ghostscript: CVE-2023-28879)

2023-04-07 Thread Debian Bug Tracking System
Your message dated Fri, 07 Apr 2023 10:02:10 +
with message-id 
and subject line Bug#1033757: fixed in ghostscript 9.53.3~dfsg-7+deb11u4
has caused the Debian Bug report #1033757,
regarding ghostscript: CVE-2023-28879
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033757: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033757
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 10.0.0~dfsg-9
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=706494
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for ghostscript.

CVE-2023-28879[0]:
| In Artifex Ghostscript through 10.01.0, there is a buffer overflow
| leading to potential corruption of data internal to the PostScript
| interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode,
| TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte
| less than full, and one then tries to write an escaped character, two
| bytes are written.

I'm preparing an update for this issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-28879
https://www.cve.org/CVERecord?id=CVE-2023-28879
[1] https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
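The boundary condition in the CVE description above, as an added example that is not part of the original message and is not Ghostscript's code: a simplified BCP-style encoder whose `fixed` flag switches between a one-byte room check and a check for the bytes actually needed. The escape set, the function names and the 8-byte window are assumptions made for illustration, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CTRL_A 0x01   /* escape prefix */

/* Bytes that get escaped; set modelled on BCP control characters (assumption). */
static int needs_escape(unsigned char c) {
    return c == 0x01 || c == 0x03 || c == 0x04 || c == 0x05 ||
           c == 0x11 || c == 0x13 || c == 0x14 || c == 0x1c;
}

/* Encode src into dst[0..cap). Returns input bytes consumed, *written = output bytes.
   fixed == 0 keeps the flawed check: room for one byte is tested, two may be written. */
static size_t bcp_encode(const unsigned char *src, size_t n, unsigned char *dst,
                         size_t cap, int fixed, size_t *written)
{
    size_t in = 0, out = 0;
    while (in < n) {
        unsigned char c = src[in];
        size_t need = (fixed && needs_escape(c)) ? 2 : 1;
        if (out + need > cap) break;   /* window full: caller drains, then resumes */
        if (needs_escape(c)) {
            dst[out++] = CTRL_A;       /* first byte of the escape pair */
            c ^= 0x40;
        }
        dst[out++] = c;                /* second byte lands past cap in the flawed case */
        in++;
    }
    *written = out;
    return in;
}

/* Constructed input: 7 plain bytes leave an 8-byte window one short of full, then an
   escapable byte follows. Returns 1 if the guard byte after the window was overwritten. */
static int guard_clobbered(int fixed, size_t *written)
{
    const unsigned char src[] = { 'A','B','C','D','E','F','G', 0x04 };
    unsigned char backing[9];          /* backing[8] is the guard, outside the window */
    memset(backing, 0xEE, sizeof backing);
    bcp_encode(src, sizeof src, backing, 8, fixed, written);
    return backing[8] != 0xEE;
}

int main(void) {
    size_t w;
    int hit = guard_clobbered(0, &w);
    printf("flawed check: guard clobbered=%d, bytes written=%zu\n", hit, w);
    hit = guard_clobbered(1, &w);
    printf("fixed check:  guard clobbered=%d, bytes written=%zu\n", hit, w);
    return 0;
}
```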
--- Begin Message ---
Source: ghostscript
Source-Version: 9.53.3~dfsg-7+deb11u4
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1033...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Mon, 03 Apr 2023 19:30:02 +0200
Source: ghostscript
Architecture: source
Version: 9.53.3~dfsg-7+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Printing Team 
Changed-By: Salvatore Bonaccorso 
Closes: 1033757
Changes:
 ghostscript (9.53.3~dfsg-7+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Prevent buffer overrun in (T)BCP encoding (CVE-2023-28879)
     (Closes: #1033757)

Processing of x4d-icons_1.2-2+deb11u1_source.changes

2023-04-07 Thread Debian FTP Masters
x4d-icons_1.2-2+deb11u1_source.changes uploaded successfully to localhost
along with the files:
  x4d-icons_1.2-2+deb11u1.dsc
  x4d-icons_1.2-2+deb11u1.debian.tar.xz
  x4d-icons_1.2-2+deb11u1_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



libexplain_1.4.D001-11+deb11u1_source.changes ACCEPTED into proposed-updates

2023-04-07 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

Format: 1.8
Date: Tue, 21 Mar 2023 14:20:00 +0100
Source: libexplain
Architecture: source
Version: 1.4.D001-11+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Santiago Vila 
Closes: 997222
Changes:
 libexplain (1.4.D001-11+deb11u1) bullseye; urgency=medium
 .
   * QA upload.
   * Apply two patches from bookworm to build with newer kernels:
   - Patch: Linux 5.11 no longer has if_frad.h, from Ubuntu. Closes: #997222
   - Patch: termiox removed since kernel 5.12, from ALT Linux.



x4d-icons_1.2-2+deb11u1_source.changes ACCEPTED into proposed-updates->stable-new

2023-04-07 Thread Debian FTP Masters
Thank you for your contribution to Debian.

Mapping bullseye to stable.
Mapping stable to proposed-updates.

Accepted:

Format: 1.8
Date: Tue, 21 Mar 2023 13:50:00 +0100
Source: x4d-icons
Architecture: source
Version: 1.2-2+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian QA Group 
Changed-By: Santiago Vila 
Closes: 991067
Changes:
 x4d-icons (1.2-2+deb11u1) bullseye; urgency=medium
 .
   * QA upload.
   * Fix FTBFS problem with new imagemagick. The fix is the same which was
     already applied in bookworm. Closes: #991067.
   * The above patch requires raising debhelper compatibility level to 13.