Hi
CVE-2013-6402 was now assigned to this issue.
Regards,
Salvatore
Package: hplip
Severity: grave
Tags: security upstream
Hi,
the following vulnerability was published for hplip.
CVE-2013-6427[0]:
insecure auto update feature
SuSE decided to patch the update.py script to exit immediately, see [1]
for details. I have only verified that the hplip-data source pack
ecure temporary files handling in pkit.py.
+(Closes: #725876)
+ * Add missing dh_bugfiles invocation in binary-indep target
+
+ -- Salvatore Bonaccorso Sun, 12 Jan 2014 10:59:12 +0100
+
hplip (3.13.11-2) unstable; urgency=medium
* Urgency medium for CVE fix
diff -Nru hplip-3.13.11/d
Architecture: source all amd64
Version: 3.13.11-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian HPIJS and HPLIP maintainers
Changed-By: Salvatore Bonaccorso
Description:
hpijs-ppds - HP Linux Printing and Imaging - HPIJS PPD files
hplip - HP Linux Printing and Imaging System (HPLIP
Source: cups-filters
Version: 1.0.50-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi
See [1] and [2]:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1083326
[2] http://seclists.org/oss-sec/2014/q2/3
AFAICS this was introduced in 1.0.41 and wheezy
Source: hplip
Version: 3.14.6-1
Severity: important
Tags: security upstream
Hi,
See https://marc.info/?l=oss-security&m=143290483527532&w=2 for the
issue found by Enrico Zini.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your ch
Source: ippusbxd
Version: 1.21.2-1
Severity: important
Tags: security upstream
Hi
While reviewing ippusbxd in Ubuntu it was found that ippusbxd allows
access to a connected USB printer via all configured network
addresses, see
https://bugs.launchpad.net/ubuntu/+source/ippusbxd/+bug/1455644 and
fo
Hi Didier,
On Thu, Aug 13, 2015 at 09:50:24AM +0200, Didier 'OdyX' Raboud wrote:
> Control: tags -1 +pending
>
> Le mardi, 11 août 2015, 10.51:47 Salvatore Bonaccorso a écrit :
> > While reviewing ippusbxd in Ubuntu it was found that ippusbxd allows
> > access to
Hi Didier,
On Tue, Dec 15, 2015 at 11:48:19AM +0100, Didier 'OdyX' Raboud wrote:
> Hi Yann,
>
> Le lundi, 14 décembre 2015, 18.15:59 Yann Soubeyrand a écrit :
> > Attached is the upstream patch with proper DEP-3 headers.
> >
> > If you need help to prepare the packages for Jessie and Wheezy, fee
Hey,
On Tue, Dec 15, 2015 at 07:56:54PM +0100, Samuel Thibault wrote:
> Giving some background for people who haven't had the whole story.
[...]
Since this is not directly related to a security issue in
cups-filters, could you please drop t...@security.debian.org from
further replies? Would be a
Hi Didier,
On Wed, Jan 20, 2016 at 08:29:29AM +0100, Didier 'OdyX' Raboud wrote:
> Le mardi, 19 janvier 2016, 00.38:02 Till Kamppeter a écrit :
> > On 01/14/2016 10:07 AM, Didier 'OdyX' Raboud wrote:
> > > Le jeudi, 14 janvier 2016, 01.38:19 Till Kamppeter a écrit :
> > >> Hi,
> > >>
> > >> I hav
clone 839260 -1
retitle -1 ghostscript: .libfile doesn't check PermitFileReading array,
allowing remote file disclosure
forwarded -1 http://bugs.ghostscript.com/show_bug.cgi?id=697169
retitle 839260 ghostscript: various userparams allow %pipe% in paths, allowing
remote shell command execution
for
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697179
Hi
See:
Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
Patch:
http:/
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream patch
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Hi
See:
Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
Patch:
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697203
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-8602[0]:
another type confusion bug
If y
Control: severity -1 serious
Rationale for severity increase: We ship DSA-3691-1 in jessie
containing the fix, and not having the security fix in stretch then
would be a regression.
Regards,
Salvatore
Control: affects -1 security.debian.org
Control: tags -1 + help
Hi Francesco,
On Thu, Oct 13, 2016 at 11:56:22PM +0200, Francesco Poli (wintermute) wrote:
> Package: libgs9
> Version: 9.06~dfsg-2+deb8u3
> Severity: grave
> Tags: security
> Justification: renders package unusable
>
> Hello!
>
>
sufficient params in .sethalftone5 and param
+types (Closes: #840451)
+
+ -- Salvatore Bonaccorso Sun, 16 Oct 2016 20:40:03 +0200
+
ghostscript (9.19~dfsg-3) unstable; urgency=medium
* Avoid merging same-licensed sections in copyright_hints.
diff -Nru ghostscript-9.19~dfsg/debian/patches
Hi Francesco,
On Fri, Oct 14, 2016 at 10:56:57PM +0200, Francesco Poli wrote:
> On Fri, 14 Oct 2016 06:47:47 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > Hi Francesco,
>
> Hello Salvatore, thanks for your fast reply!
>
> >
> > On Thu, Oct 13, 2016
Hi Roberto
Could you double-check/confirm if you see the same
https://bugs.debian.org/840691 in wheezy? Note although the bug is
still assigned to ghostscript I think the problem uncovered is
actually in libspectre as noted in the bug log. But I wonder if you
see the same issues in wheezy now that
Hi,
On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 26, 2016 at 11:09:54PM -0400, Roberto C. Sánchez wrote:
> > On Tue, Oct 25, 2016 at 09:54:01PM +0200, Salvatore Bonaccorso wrote:
> > > Hi Roberto
> > >
> > > Could you doub
Hi Edgar,
On Thu, Oct 27, 2016 at 10:01:53AM +0200, Edgar Fuß wrote:
> The problem is line 2011 in
> /usr/share/ghostscript/9.05/Resource/Init/gs_init.ps:
> systemdict /getenv {pop //false} put
> change that to
> systemdict /getenv {pop //false} .forceput
> (gs-commits 99e331527d541a8
Hi
On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > On Thu, Oct 27, 2016 at 06:31:43AM -0400, Roberto C. Sánchez wrote:
> > > On Thu, Oct 27, 2016 at 08:54:39AM +0200, Moritz Muehlenhoff wrote:
> > > >
>
Hi,
On Thu, Oct 27, 2016 at 12:53:56PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> On Thu, Oct 27, 2016 at 06:40:12AM -0400, Roberto C. Sánchez wrote:
> > On Thu, Oct 27, 2016 at 12:35:16PM +0200, Moritz Muehlenhoff wrote:
> > > On Thu, Oct 27, 2016 at 06:31:43AM -0400,
Hi Roberto,
On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> Is your plan to release this as a -2 regression update to the previous
> DSA? I assume that is what you plan to do, but I wanted to confirm to
> be certain.
Yes exactly, that's the plan. I would still like to hear
Hi Francesco,
On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
>
> [...]
> > On Thu, Oct 27, 2016 at 09:50:02AM -0400, Roberto C. Sánchez wrote:
> > > Is your plan to release this as a -2
On Thu, Oct 27, 2016 at 08:54:39PM -0400, Roberto C. Sánchez wrote:
> On Thu, Oct 27, 2016 at 11:43:01PM +0200, Francesco Poli wrote:
> > On Thu, 27 Oct 2016 18:17:20 +0200 Salvatore Bonaccorso wrote:
> >
> > [...]
> > > On Thu, Oct 27, 2016 at 09:50:02AM -
Hi
I now have uploaded the version (see previously sent debdiff) to
security master and will release the regression update once all archs
have built the packages.
Regards,
Salvatore
Source: jbig2dec
Version: 0.13-3
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for jbig2dec.
NOTE: Actually not much has been published yet. There is an upstream
bugreport at [1], so I am opening this bug in the Debian BTS to help
tracking the issue. Ther
Control: tags -1 + fixed-upstream
Hi
According to https://bugs.ghostscript.com/show_bug.cgi?id=697457#c7
this is fixed in the git repository for jbig2dec.
Regards,
Salvatore
+++ ghostscript-9.20~dfsg/debian/changelog 2017-02-26 21:03:15.0
+0100
@@ -1,3 +1,11 @@
+ghostscript (9.20~dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Resolve image enumerator ownership on error (CVE-2017-6196)
+(Closes: #856142)
+
+ -- Salvatore Bonaccorso
Control: notfound -1 9.06~dfsg-2
Control: notfound -1 9.20~dfsg-2
Hi
After some more investigation I suspect the issue actually was only
introduced with
http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
and indeed applying that commit on top of the sid packagi
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697676
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-7207[0]:
| The mem_get_bits_rectangle function in Artifex Software, In
hi Jonas
Thanks for fixing CVE-2017-7207 in unstable. Can you ask as well
release team for an unblock, so that the fix goes to stretch?
Btw, there was a wrong bug closer for this bug (using the upstream bug
number instead), thus closed this one manually.
Regards,
Salvatore
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697456
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10217[0]:
| The pdf14_open function in base/gdevp14.c in Artifex Software, I
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: security patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697453
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10219[0]:
| The intersect function in base/gxfill.c in Artifex Softwar
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: patch security upstream
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10220[0]:
| The gs_makewordimagedevice function in base/gsdevmem.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attacke
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697548
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-5951[0]:
| The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697703
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7885[0]:
| Artifex jbig2dec 0.13 has a heap-based buffe
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7976[0]:
| Artifex jbig2dec 0.13 allows out-of-bounds w
Source: jbig2dec
Version: 0.13-4
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
Control: found -1 0.13-4~deb8u1
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-7975[0]:
| Artifex jbig2dec 0.13, as used in Ghostscrip
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459
Hi,
the following vulnerability was published for ghostscript.
CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Art
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: upstream security
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-8291[0]:
| Artifex Ghostscript through 2017-04
On Thu, Apr 27, 2017 at 07:03:05AM +0200, Salvatore Bonaccorso wrote:
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697808
FTR, the bug has been restricted in the meanwhile, but did contain a
reproducer to demonstrate the issue.
Regards,
Salvatore
SuSE has captured the initial report including a reproducer to verify
the issue (and verify the fix upstream once landed there):
https://bugzilla.suse.com/show_bug.cgi?id=1036453
Regards,
Salvatore
Hi
Upstream commits are now available:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
Regards,
Salvatore
694)
+ * Avoid divide by 0 in scan conversion code (CVE-2016-10219)
+(Closes: #859666)
+ * Dont create new ctx when pdf14 device reenabled (CVE-2016-10217)
+(Closes: #859662)
+
+ -- Salvatore Bonaccorso Fri, 28 Apr 2017 06:50:05 +0200
+
ghostscript (9.20~dfsg-3) unstable; urgency=medium
Control: tags -1 + fixed-upstream
Hi
there is now a commit upstream for this issue:
Fixed in
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
Regards,
Salvatore
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:15:29AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697693
> Control: found -1 0.1
Control: tags -1 + fixed-upstream
On Thu, Apr 20, 2017 at 08:12:01AM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-4
> Severity: important
> Tags: security upstream
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697683
> Control: found -1 0.1
-7976)
+(Closes: #860787)
+
+ -- Salvatore Bonaccorso Tue, 16 May 2017 20:08:21 +0200
+
jbig2dec (0.13-4) unstable; urgency=medium
* Add patches cherry-picked upstream to squash signed/unsigned
diff -Nru jbig2dec-0.13/debian/patches/020170426~5e57e48.patch jbig2dec-0.13/debian/patches/0201
Package: ghostscript
Version: 9.20~dfsg-3.1
Severity: serious
Tags: patch security upstream fixed-upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697846
Hi
The update in unstable for ghostscript breaks pstoedit when using
DELAYBIND feature.
Details: htt
FTR, "reproducer"
$ pstoedit -f plot-svg foo.pdf foo.svg -dt -ssp -psarg -r9600x9600 -pta
Regards,
Salvatore
n error. (Closes: #862779)
+
+ -- Salvatore Bonaccorso Sun, 21 May 2017 19:22:52 +0200
+
ghostscript (9.20~dfsg-3.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch ghostscript-9.20~dfsg/debian/patches/020170503~57f2071.patch
--- gho
Hi Jonas,
On Sun, May 21, 2017 at 09:17:12PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2017-05-21 19:37:55)
> > I've prepared an NMU for ghostscript (versioned as 9.20~dfsg-3.2) and
> > uploaded it to DELAYED/2. Please feel free to tell me if I should
Source: jbig2dec
Version: 0.13-1
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934
Hi,
the following vulnerability was published for jbig2dec.
CVE-2017-9216[0]:
| libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
| Ghostscript,
Control: tags -1 + fixed-upstream
On Wed, May 24, 2017 at 08:40:44PM +0200, Salvatore Bonaccorso wrote:
> Source: jbig2dec
> Version: 0.13-1
> Severity: important
> Tags: upstream security
> Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697934
>
> Hi,
>
>
Source: ghostscript
Version: 9.21~dfsg-1
Severity: normal
Tags: security patch upstream
Hi,
the following vulnerabilities were published for ghostscript. Note,
I'm collecting those in one bug, because they are currently
unimportant for Debian as xps/ not used during build. But it would be
nice to
Source: ghostscript
Version: 9.21~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697985
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9835[0]:
| The gs_alloc_ref_array function in psi/iallo
Source: ghostscript
Version: 9.06~dfsg-1
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698063
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9739[0]:
| The Ins_JMPR function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream patch security fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698056
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9727[0]:
| The gx_ttfReader__Read function in base/gxtt
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698055
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9726[0]:
| The Ins_MDRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698024
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9611[0]:
| The Ins_MIRP function in base/ttinterp.c in
Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698026
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-9612[0]:
| The Ins_IP function in base/ttinterp.c in Ar
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698158
Hi,
the following vulnerability was published for ghostscript.
CVE-2017-11714[0]:
| psi/ztoken.c in Artifex Ghostscript 9.21 mishan
Source: ghostscript
Version: 9.06~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699255
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-10194[0]:
| The set_text_distance function in devices/vector/gdevpdts.c in
gency=medium
+
+ * Non-maintainer upload.
+ * Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
+(Closes: #860869)
+ * pdfwrite - Guard against trying to output an infinite number
+(CVE-2018-10194) (Closes: #896069)
+
+ -- Salvatore Bonaccorso Fri, 20 Apr 2018 12:28:29 +0200
+
ghosts
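Review bot: the CVE-2016-10317 changelog line spells the function fill_threshold_buffer, while the CVE description quoted in the bug report names it fill_threshhold_buffer in base/gxht_thresh.c; use the identifier as it appears in the CVE text so that searching the changelog for the affected function finds this entry. The pdfwrite line for CVE-2018-10194 also stops at "an infinite number" without saying of what, so completing the phrase would let the entry be read on its own.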
Hi Jonas,
On Fri, Apr 20, 2018 at 07:23:22PM +0200, Jonas Smedegaard wrote:
> Excerpts from Salvatore Bonaccorso's message of april 20, 2018 6:49 pm:
> > Control: tags 860869 + patch
> > Control: tags 860869 + pending
> > Control: tags 896069 + pending
> >
> > Dear maintainer,
> >
> > I've prepa
Source: cups
Version: 2.2.1-8
Severity: serious
Tags: patch security
Control: fixed -1 2.2.1-8+deb9u2
Hi,
I'm filing this with severity serious, as it indicates a regression
from stable, given the issue was fixed already via DSA-4243-1 in
2.2.1-8+deb9u2.
CVE-2018-6553[0]:
AppArmor profile issue
Hi,
On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> Tavis Ormandy disclosed a new ghostscript security issue, leading directly to
> code
> execution: http://openwall.com/lists/oss-security/2018/08/21/2
There are actually several issues, see the whole thread. For now since
Hi,
On Mon, Aug 27, 2018 at 08:34:25PM +0200, Jonas Smedegaard wrote:
> Quoting Salvatore Bonaccorso (2018-08-26 21:55:14)
> > Hi,
> >
> > On Sun, Aug 26, 2018 at 06:08:58PM +0100, Nicolas Braud-Santoni wrote:
> > > Tavis Ormandy disclosed a new ghostscript se
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Control: found -1 9.20~dfsg-1
There is one more followup fix needed:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=79cccf641486
https://bugs.ghostscript.com/show_bug.cgi?id=699654
Decoupling this f
Control: retitle -1 ghostscript: CVE-2018-16509
Hi
The full set for the now assigned CVE-2018-16509 is actually:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b
Source: ghostscript
Version: 9.22~dfsg-3
Severity: serious
Tags: patch upstream
Justification: regression
Hi
It was reported a regression while testing the security update, which
resulted in the increment to +deb9u4, which included the fix. The
regression was spotted while
http://git.ghostscript.
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699670
Control: fixed -1 9.20~dfsg-3.2+deb9u4
Hi,
The following vulnerability was published for ghostscript.
CVE-2018
Hi,
On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> (which might require
> http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3439399a5c
> as well).
Scratch that, that is just a fix for a further issue, namely
CVE-2018-16543
Source: ghostscript
Version: 9.22~dfsg-3
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699671
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-16510[0]:
| An issue was discovered in A
hi,
On Sat, Sep 08, 2018 at 10:52:36AM +0200, Salvatore Bonaccorso wrote:
> Hi,
>
> On Sat, Sep 08, 2018 at 10:17:10AM +0200, Salvatore Bonaccorso wrote:
> > (which might require
> > http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b5536fa88a9e885032bc0df3852c3
Source: ghostscript
Version: 9.20~dfsg-3.2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699663
Control: fixed -1 9.20~dfsg-3.2+deb9u3
Hi,
The following vulnerability was published for ghostscript.
CVE-2018
hi,
On Tue, Sep 18, 2018 at 09:58:10AM +0200, Mattia Rizzolo wrote:
> Package: ghostscript
> Version: 9.20~dfsg-3.2+deb9u5
> Severity: serious
> X-Debbugs-CC: t...@security.debian.org, Moritz Mühlenhoff ,
> reproducible-bui...@lists.alioth.debian.org
> Control: affects -1 diffoscope
>
> Dear mai
Hi
FTR, I tried to bisect the issue, by using commits between 9.20 and
9.21 upstream and applying on top each
fb713b3818b52d8a6cf62c951eba2e1795ff9624 . Due to a possibly unrelated
bug, some of the commits cause "empty" outputs, so I had to skip those
all. The resulting git bisect is
git bisect s
Hi Markus,
On Thu, Sep 27, 2018 at 10:33:06PM +0200, Markus Koschany wrote:
> Hi,
>
> I believe I have found the solution to this problem. Apparently they
> changed the underlying device for ps2ascii to txtwrite last year.
>
> http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2fa6beaa40144c5
Hi,
Further tests and comparisons make me confident that with
cc746214644deacd5233a1453ce660573af09443 needed the output of stretch
aligns to the one produced in unstable's ghostscript (9.25~dfsg-2).
There is still the output changes produces, which might impact
(build)-rdepends, so we might need
Hi Markus,
On Sat, Sep 29, 2018 at 03:06:04PM +0200, Markus Koschany wrote:
> I have tried some of those commits:
>
> http://git.ghostscript.com/?p=ghostpdl.git&a=search&h=HEAD&st=commit&s=txtwrite
>
> This one adds even more whitespace and moves the 1 character further to
> the right.
>
> http
Source: ghostscript
Version: 9.20~dfsg-3.2+deb9u5
Severity: important
Tags: upstream
Control: found -1 9.25~dfsg-1~exp1
Control: found -1 9.25~dfsg-1
Control: affects -1 + security.debian.org
Control: affects -1 + release.debian.org
A user reported a further regression with ghostscript after the l
Hi,
Further datapoint: This regressed already in the 9.20~dfsg-3.2+deb9u4
version, so it's not going to be the same issue as #909929.
Unstable's version (9.25~dfsg-2) looks good as well.
Regards,
Salvatore
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Justification: user security hole
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-17961[0]:
ghostscript: bypassing executeonly to escape -dSAFER sandbox
If you fix the vulnerability pl
Source: ghostscript
Version: 9.25~dfsg-2
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699927
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18073[0]:
saved execution stacks can leak operator arrays
If you fix the
Source: ghostscript
Version: 9.20~dfsg-1
Severity: grave
Tags: patch security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=699963
Hi,
The following vulnerability was published for ghostscript.
CVE-2018-18284[0]:
1Policy operator gives access to .forceput
If you fix the vulne
Source: ghostscript
Version: 9.22~dfsg-1
Severity: important
Tags: patch upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700023
Hi
In 9.22rc1 upstream there was a regression introduced in 9.22rc1
causing that for instance all the papersize with define "LeadingEdge"
can't print su
Source: ghostscript
Version: 9.26~dfsg-1
Severity: serious
Tags: patch upstream
Justification: regression
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700315
Control: found -1 9.26~dfsg-0+deb9u1
Control: affects -1 release.debian.org,security.debian.org
Hi
There is a regression reporte
Source: cups
Version: 2.2.9-4
Severity: important
Tags: patch security upstream
Hi,
The following vulnerability was published for cups.
CVE-2018-4700[0]:
Linux session cookies used a predictable random number seed
If you fix the vulnerability please also make sure to include the
CVE (Common Vul
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3835[0]:
superexec operator is available
If you fix the vulnerability
Source: ghostscript
Version: 9.26a~dfsg-2
Severity: grave
Tags: security upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=700576
Control: found -1 9.26a~dfsg-0+deb9u1
Hi,
The following vulnerability was published for ghostscript.
CVE-2019-3838[0]:
forceput in DefineResource is st
Hi Paul,
On Mon, May 13, 2019 at 10:21:21PM +0200, Paul van der Vlis wrote:
> Package: ghostscript
> Version: 9.26a~dfsg-0+deb9u3
>
>
> After doing the Ghostscript upgrade from 9.26a~dfsg-0+deb9u2 to
> 9.26a~dfsg-0+deb9u3 cups did not print anymore at a customer PC.
> Downgrading the ghostscript
reassign 928952 src:cups-filters
forcemerge 928936 928952
close 928936 1.21.6-5
close 928936 1.22.5-1
thanks
Source: cups
Version: 2.2.10-1
Severity: minor
Hi
There was confusion and typo on one CVE id for a CVE-2018-4300. See
https://github.com/apple/cups/issues/5561 for details (the CVE id was
later on as well fixed retrospectively upstream in NEWS/changelogs).
To avoid confusions, and if this fits
Source: ghostscript
Version: 9.27~dfsg-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=701394
Control: found -1 9.27~dfsg-2
Control: found -1 9.26a~dfsg-0+deb9u2
Control: found -1 9.26a~dfsg-0+deb9u3
Control: found
08-13 09:49:11.0 +0200
@@ -1,3 +1,11 @@
+ghostscript (9.27~dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload (with maintainers approval).
+ * protect use of .forceput with executeonly (CVE-2019-10216)
+(Closes: #934638)
+
+ -- Salvatore Bonaccorso Tue, 13 Aug 2019 09:
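Review bot: in the "Non-maintainer upload" line, "with maintainers approval" is missing the possessive apostrophe; write "with maintainer's approval" (or "maintainers'" if more than one maintainer approved) so the entry states clearly whose approval was given. The CVE id and the Closes: bug number are both present in the entry, which is what the tracker needs.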
Source: cups
Version: 2.2.10-6
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
Filing for tracking. The recent 2.2.12[1] release includes fixes for
several security issues, two of those got CVEs and are related to SNMP
buffer overflows. [2] includes all those.
Regar