Bug#861295: ghostscript: CVE-2017-8291: shell injection

On Thu, Apr 27, 2017 at 07:03:05AM +0200, Salvatore Bonaccorso wrote: > Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808 FTR, the bug has been restricted in meanwhile, but did contain a reproducer to demonstrate the issue. Regards, Salvatore

Bug#861295: ghostscript: CVE-2017-8291: shell injection

SuSE has caputred the initial report including a reproducer to verify the issue (and verify the fix upstream once landed there): https://bugzilla.suse.com/show_bug.cgi?id=1036453 Regards, Salvatore

cups-filters 1.13.5 released!

Hi, I have released cups-filters 1.13.5 now, with the following changes: - foomatic-rip: When called via the utility cupsfilter from CUPS, foomatic-rip was not able to read the PPD file with the file name supplied as environment variable PPD (Bug #1388).

Bug#861295: ghostscript: CVE-2017-8291: shell injection

Hi Upstream commits are now available: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Regards, Salvatore

Processed: ghostscript: diff for NMU version 9.20~dfsg-3.1

Processing control commands: > tags 859662 + patch Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Added tag(s) patch. > tags 859662 + pending Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Added tag(s) pending. > tags 859666 + pending Bug #859666 [src:ghostscript] ghostscript

Processed: ghostscript: diff for NMU version 9.20~dfsg-3.1

Processing control commands: > tags 859662 + patch Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tags of bug #859662 to the same tags previously set > tags 859662 + pending Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tag

Processed: ghostscript: diff for NMU version 9.20~dfsg-3.1

Processing control commands: > tags 859662 + patch Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tags of bug #859662 to the same tags previously set > tags 859662 + pending Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tag

Bug#859662: ghostscript: diff for NMU version 9.20~dfsg-3.1

Control: tags 859662 + patch Control: tags 859662 + pending Control: tags 859666 + pending Control: tags 859694 + pending Control: tags 859696 + pending Control: tags 861295 + patch Control: tags 861295 + pending Dear maintainer, I've prepared an NMU for ghostscript (versioned as 9.20~dfsg-3.1) a

Processed: ghostscript: diff for NMU version 9.20~dfsg-3.1

Processing control commands: > tags 859662 + patch Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tags of bug #859662 to the same tags previously set > tags 859662 + pending Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tag

Processed: ghostscript: diff for NMU version 9.20~dfsg-3.1

Processing control commands: > tags 859662 + patch Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tags of bug #859662 to the same tags previously set > tags 859662 + pending Bug #859662 [src:ghostscript] ghostscript: CVE-2016-10217 Ignoring request to alter tag

Processed: tagging 861295

Processing commands for cont...@bugs.debian.org: > tags 861295 + fixed-upstream Bug #861295 [src:ghostscript] ghostscript: CVE-2017-8291: shell injection Added tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 861295: http://bugs.debian.org/cg

Processing of ghostscript_9.20~dfsg-3.1_multi.changes

ghostscript_9.20~dfsg-3.1_multi.changes uploaded successfully to localhost along with the files: ghostscript_9.20~dfsg-3.1.dsc ghostscript_9.20~dfsg-3.1.debian.tar.xz ghostscript-doc_9.20~dfsg-3.1_all.deb libgs9-common_9.20~dfsg-3.1_all.deb Greetings, Your Debian queue daemon (run