Back to ghostscript PTS page

Accepted ghostscript 9.05~dfsg-6.3+deb7u7 (source all amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ghostscript 9.05~dfsg-6.3+deb7u7 (source all amd64) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Tue, 01 Aug 2017 08:40:17 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1dcSiv-0002oV-72@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Aug 2017 09:38:25 +0200
Source: ghostscript
Binary: ghostscript ghostscript-cups ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.05~dfsg-6.3+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-cups - interpreter for the PostScript language and for PDF - CUPS filter
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes: 
 ghostscript (9.05~dfsg-6.3+deb7u7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2017-9835:
     Lack of an integer overflow check in base/gsalloc.c allows remote attackers
     to cause a denial of service (heap-based buffer overflow and application
     crash)
   * CVE-2017-9739:
     The Ins_JMPR function in base/ttinterp.c allows remote attackers to cause
     a denial of service (heap-based buffer over-read and application crash) or
     possibly have unspecified other impact via a crafted document.
   * CVE-2017-9727:
     The gx_ttfReader__Read function in base/gxttfb.c allows remote attackers to
     cause a denial of service (heap-based buffer over-read and application
     crash) or possibly have unspecified other impact via a crafted document.
   * CVE-2017-9726:
     The Ins_MDRP function in base/ttinterp.c allows remote attackers to cause a
     denial of service (heap-based buffer over-read and application crash) or
     possibly have unspecified other impact via a crafted document.
   * CVE-2017-9612:
     The Ins_IP function in base/ttinterp.c allows remote attackers to cause a
     denial of service (use-after-free and application crash) or possibly have
     unspecified other impact via a crafted document.
   * CVE-2017-9611:
     The Ins_MIRP function in base/ttinterp.c allows remote attackers to cause a
     denial of service (heap-based buffer over-read and application crash) or
     possibly have unspecified other impact via a crafted document.
   * CVE-2017-7207:
     The mem_get_bits_rectangle function allows remote attackers to cause a
     denial of service (NULL pointer dereference) via a crafted PostScript
     document.
   * CVE-2017-11714:
     psi/ztoken.c mishandles references to the scanner state structure, which
     allows remote attackers to cause a denial of service (application crash) or
     possibly have unspecified other impact via a crafted PostScript document,
     related to an out-of-bounds read in the igc_reloc_struct_ptr function in
     psi/igc.c.
Checksums-Sha1: 
 cbe08c0cc95623b08e2b88c6d16abb992fd73ffe 2984 ghostscript_9.05~dfsg-6.3+deb7u7.dsc
 c26cb1741e1a6459f7529480ac36bb4f6ebc26d7 119789 ghostscript_9.05~dfsg-6.3+deb7u7.debian.tar.gz
 4661e60660b913bab1bc6188ef71e998199d80a9 2446350 ghostscript-doc_9.05~dfsg-6.3+deb7u7_all.deb
 3bf5531ddcf025c3491d9de5b67c907e7773e47b 1979152 libgs9-common_9.05~dfsg-6.3+deb7u7_all.deb
 b1660df244a3422511fe98356a68ea11f4b0605e 81408 ghostscript_9.05~dfsg-6.3+deb7u7_amd64.deb
 b99b298fe9d5d37c4c3b53b87d329be47cf14280 60952 ghostscript-cups_9.05~dfsg-6.3+deb7u7_amd64.deb
 703bf099b6b8fb7946739a2452834c7df7ea0aee 73048 ghostscript-x_9.05~dfsg-6.3+deb7u7_amd64.deb
 c86dfd7bd023754ace1f0c87cfc3ca05128eb11e 1846068 libgs9_9.05~dfsg-6.3+deb7u7_amd64.deb
 a16fa4c884eb2413a4cc7492769d5dbea501e366 2040078 libgs-dev_9.05~dfsg-6.3+deb7u7_amd64.deb
 4300f375b9a03d7bee6bb26667f1f6ea848da9d7 5329166 ghostscript-dbg_9.05~dfsg-6.3+deb7u7_amd64.deb
Checksums-Sha256: 
 b5f556a44faa3b47d8ee834dbcd3c530a5cd971c9d8f3b8ecfa9b314559c4192 2984 ghostscript_9.05~dfsg-6.3+deb7u7.dsc
 81b0688beaf33b17430d4c0af05102274ef3d2bb56a4e038769499f24fb4184d 119789 ghostscript_9.05~dfsg-6.3+deb7u7.debian.tar.gz
 b19541665ecf2e35052ae2c82ca620ed87484ec4006933c3e5608d8e119a6f67 2446350 ghostscript-doc_9.05~dfsg-6.3+deb7u7_all.deb
 bd038c3a292a0a394c06a15024bd2da9fa00bdfc19cd1f34ed845e5f95253b29 1979152 libgs9-common_9.05~dfsg-6.3+deb7u7_all.deb
 bb5f8d83781eef17ef5dd99b6fa618b2e67c3af7fdaa3fa9c62e9287dad49ea8 81408 ghostscript_9.05~dfsg-6.3+deb7u7_amd64.deb
 70554564d852ea8b2c21e42ad5185bb3727928a473ac5451aa6b0129e5e51cb8 60952 ghostscript-cups_9.05~dfsg-6.3+deb7u7_amd64.deb
 5f9a65ff487c62a335cd0b721e462eeea965b2bfe16174ea59d09c2eb1455afd 73048 ghostscript-x_9.05~dfsg-6.3+deb7u7_amd64.deb
 8b65e4c97bad8b77807a74cb429dac2218fa3b09b324f6719e5a9bf5e9e99b4b 1846068 libgs9_9.05~dfsg-6.3+deb7u7_amd64.deb
 6b9edf3a3a157b543f1c20cf1ac363f075eb534d6e1313a81359083e355f78d1 2040078 libgs-dev_9.05~dfsg-6.3+deb7u7_amd64.deb
 4e5bac89dfcd8c84c6358dedfc741c6af996b87776e6f3792ce561ddc1925045 5329166 ghostscript-dbg_9.05~dfsg-6.3+deb7u7_amd64.deb
Files: 
 efe56b6ae3d11f8cf3d51f134e559071 2984 text optional ghostscript_9.05~dfsg-6.3+deb7u7.dsc
 080bf3adb21c1287a0223282e33bb0e9 119789 text optional ghostscript_9.05~dfsg-6.3+deb7u7.debian.tar.gz
 037503fbdbb7365a05e109507e49be5f 2446350 doc optional ghostscript-doc_9.05~dfsg-6.3+deb7u7_all.deb
 fded26c7683afc4cb802b943a4482b71 1979152 libs optional libgs9-common_9.05~dfsg-6.3+deb7u7_all.deb
 4842a6e21d22382e6077ecba31602c5e 81408 text optional ghostscript_9.05~dfsg-6.3+deb7u7_amd64.deb
 60c5846e21e36092de2b0da69cb4d840 60952 text optional ghostscript-cups_9.05~dfsg-6.3+deb7u7_amd64.deb
 3ef748c2c4c53578672508f4803a4fad 73048 text optional ghostscript-x_9.05~dfsg-6.3+deb7u7_amd64.deb
 4e110f6b25a98dab8a55e7f77838cfc7 1846068 libs optional libgs9_9.05~dfsg-6.3+deb7u7_amd64.deb
 84a365e7e454725744852e2e49bca40e 2040078 libdevel optional libgs-dev_9.05~dfsg-6.3+deb7u7_amd64.deb
 4f1265b9b5e14092381a0e12fe16c94f 5329166 debug extra ghostscript-dbg_9.05~dfsg-6.3+deb7u7_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmAPFFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkzuEP/j3Fat+tnF6l/43ufJSUkaiqVj/IrcpfbRda
7V1wVDUGav320lyVrX7HcbxklReErH8ern/DkMF5HrvbIOIR6arram+e0v9VTWiK
z8mhoQd/RUosR11ISZPg+zzSDVw8ZYBmWhqByobm2E/P9QLoadAb4jdHIb8kQlnQ
RYBU0WTtei4C5GuH73oj+6PXaCdY2uNooTePYCpVWv1MS2zRQnHp93ED4GkA6w+r
7VzS63JnRb7KVqiy9nxKH3XRioOhlV+9vAG4gaE/BFb7RbJ+lkQTA3avzvY1lV2F
frByc7JVmdUgB/gu5NI3TZm3KPDN0SpVD2uvS5L9I/odTYu4ZZGr82eIjTjqjXLb
mxqFO1j5PQK6Y2sxQCtmROQE/x+HaVkw+xbiTD+2PNKDK+zOt1r8SHcWbKSY2snN
bcYOrekn/kB7MJ9hzRoQ8eVvMSoc7lhUbayCA6JI9ilsBWwk24exLG54h0N2rxCS
+6KZiTEFeH0GrWMmVqSIFwSxdJQH5ZVUbbWMA5HC+U0wfn52FAhd2vEKr76aXXoi
1VAUGKLgWadi9rcW/fHo11MiTsxoFu/+y50hbnyKkISvM9AI0zDt5MlvWGjc85kP
WxqBy4Gcs/f6rqJoSWpxRGFUe/xhV/WoJpkoox6v9/4OOdIgcQnU8zp3H+kUdgdC
l90AH3gD
=SBBZ
-----END PGP SIGNATURE-----