Bug#1053239: bookworm-pu: package ghostscript/10.0.0~dfsg-11+deb12u2

Salvatore Bonaccorso

Sep 29, 2023, 3:40:05 PM
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.d...@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ghost...@packages.debian.org, car...@debian.org
Control: affects -1 + src:ghostscript

Hi stable release managers,

[ Reason ]
Fix two CVEs which we did mark no-dsa (though one might after more
thinking be a candidate). Fix CVE-2023-38559 and CVE-2023-43115.

[ Impact ]
CVE-2023-38559 and CVE-2023-43115 would remain open so far.

[ Tests ]
Performed manual test for CVE-2023-43115.

[ Risks ]
Should be low, following the upstream commits to resolve the issues
which are very targeted.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Apply upstream fixes to address the CVEs. Adjust checks on input and
for the second issue, prevent PostScript programs switching to the IJS
device after SAFER has been activated (and prevent changes to the
IjsServer parameter after SAFER has been activated).

[ Other info ]
None.

Regards,
Salvatore
ghostscript_10.0.0~dfsg-11+deb12u2.debdiff

Adam D Barratt

Oct 1, 2023, 8:00:05 AM
package release.debian.org
tags 1053239 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: ghostscript
Version: 10.0.0~dfsg-11+deb12u2

Explanation: fix buffer overflow issue [CVE-2023-38559]; try and secure the IJS server startup [CVE-2023-43115]