Bug#994011: marked as done (ghostscript: CVE-2021-3781)
Your message dated Thu, 09 Sep 2021 19:10:49 +0000
with message-id <E1mOPRh-000E4J-6k@fasolo.debian.org>
and subject line Bug#994011: fixed in ghostscript 9.53.3~dfsg-8
has caused the Debian Bug report #994011,
regarding ghostscript: CVE-2021-3781
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
994011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994011
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: ghostscript
Version: 9.53.3~dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=704342
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for ghostscript.
CVE-2021-3781[0].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3781
[1] https://bugs.ghostscript.com/show_bug.cgi?id=704342 (not public yet)
[2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ghostscript
Source-Version: 9.53.3~dfsg-8
Done: Jonas Smedegaard <dr@jones.dk>
We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 994011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated ghostscript package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 Sep 2021 20:12:26 +0200
Source: ghostscript
Architecture: source
Version: 9.53.3~dfsg-8
Distribution: unstable
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Closes: 994011
Changes:
ghostscript (9.53.3~dfsg-8) unstable; urgency=high
.
* add patch cherry-picked upstream
to fix access validationaccess validation;
closes: bug#994011;
CVE-2021-3781
* Set urgency=high due to security fix.
Checksums-Sha1:
91bf03880e1078d285de68a92a9231243c5d86c4 2677 ghostscript_9.53.3~dfsg-8.dsc
60a954d0db52d46532885dc475b29f7740eef1ec 120024 ghostscript_9.53.3~dfsg-8.debian.tar.xz
d99ecdcae3cd8304ea7b666306c3096b230e2a80 11797 ghostscript_9.53.3~dfsg-8_amd64.buildinfo
Checksums-Sha256:
a8148d19d8d14e467da7492488ef37df0fc086e9f369d87d00b368dba7d2d80a 2677 ghostscript_9.53.3~dfsg-8.dsc
49069924c3e4add7ddfea38c200fd48e0fe7b9011f57714dbaa233b7fd5f05d9 120024 ghostscript_9.53.3~dfsg-8.debian.tar.xz
50f35baa305a884ecb34e6a2c75cb53bdc4a4045a3fb43f438c7fbd5d4f19317 11797 ghostscript_9.53.3~dfsg-8_amd64.buildinfo
Files:
c7b98246a04a7586e5184e575cd51c78 2677 text optional ghostscript_9.53.3~dfsg-8.dsc
61b28baa18767cf251c55f82be501fcf 120024 text optional ghostscript_9.53.3~dfsg-8.debian.tar.xz
ed3f930906b3ee5163ee0390d3ec03a7 11797 text optional ghostscript_9.53.3~dfsg-8_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmE6UVYACgkQLHwxRsGg
ASHxGQ//X/kpmGtY8gxUP7hnFJ6UsztVRFNc3kslJCPdo26kxkwf3SMvalMCitGm
HqoUv1fjoGBybQ/QQWgSRLpv8VGWqWihT6YbrCgCP3WAT8P4uRU5dOkL5dWpEQXT
mvrFACGZ4FFV9afChKxFDpd68tfjKNkP3OeTVic6wkBfdUbVkWO4h0Bjfs51vKDe
OpSyqQhpqQjtlEpXkmv+bCFKS3xoQaPm65HQIvD01j6Qb+DLDEIUij3ooR46Cyhc
AyIfgQNSZIVKhNDr/9+uEj0OHGXRQzwhhjSGRx62PT3rBPJeaZdkig+Z8TSLL86P
0xBW5VrvRNzw9mJdvtqwJTSO/EwSzx2H8DqvohXVrkTqMSPc8G4HP60SKAV82jJO
gt4/MfZFyTd1biyhxW4YMArpO03oX6eZcOIxvHKStIflQkJRf2JH+IdfMH02yuKQ
8XmClUaECLN/IXfp9y5pHkL2ngl+N+oHKurKK3RgvZDLwm2mZL1yBtI9qgYD2O+k
06sD5m6Mx6h5HFzdhvPtKXnU2gTdYTAlwfI01rTNLDt4s+qWG3CNUcCqwp5m289J
t6DBkJN4t2jvlJF1/Tdut7YVKfO53zSIA3jW85FuqD/fGDQ/BdVGpSHNDwHjyM08
y2Sc57qSptX1IIkVEZiLxR6AXwn4/E6m8hqZYODUIC4P6/dV2yU=
=+fGS
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: