[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#994011: marked as done (ghostscript: CVE-2021-3781)

Your message dated Fri, 10 Sep 2021 16:02:07 +0000
with message-id <E1mOiyd-000G6N-E3@fasolo.debian.org>
and subject line Bug#994011: fixed in ghostscript 9.53.3~dfsg-7+deb11u1
has caused the Debian Bug report #994011,
regarding ghostscript: CVE-2021-3781
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
994011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994011
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: ghostscript
Version: 9.53.3~dfsg-7
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=704342
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for ghostscript.

CVE-2021-3781[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3781
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3781
[1] https://bugs.ghostscript.com/show_bug.cgi?id=704342 (not public yet)
[2] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: ghostscript
Source-Version: 9.53.3~dfsg-7+deb11u1
Done: Salvatore Bonaccorso <carnil@debian.org>

We believe that the bug you reported is fixed in the latest version of
ghostscript, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 994011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated ghostscript package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Sep 2021 19:23:11 +0200
Source: ghostscript
Architecture: source
Version: 9.53.3~dfsg-7+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 994011
Changes:
 ghostscript (9.53.3~dfsg-7+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Include device specifier strings in access validation (CVE-2021-3781)
     (Closes: #994011)
Checksums-Sha1: 
 4737cfd35503a61ffdad3ee475ce2df32efaae9d 2864 ghostscript_9.53.3~dfsg-7+deb11u1.dsc
 9ce4415e5f37d858b5eb4d11040cf4079f2129c6 23948068 ghostscript_9.53.3~dfsg.orig.tar.xz
 6e303c9863d23dce0cfdcd70b4149ed958714aba 120292 ghostscript_9.53.3~dfsg-7+deb11u1.debian.tar.xz
Checksums-Sha256: 
 701551ac2ffaa9763f4e90d2f0d58719fd59708604f1204506ed258149da09ff 2864 ghostscript_9.53.3~dfsg-7+deb11u1.dsc
 678f99fc6cca9a224f49891b8db5d9a325b8b3fbbffa9f29d44bac9f54603f3d 23948068 ghostscript_9.53.3~dfsg.orig.tar.xz
 b08c4a40ee3731b0d94cf21bcb1bc49bd76818b71ee63c91cab9d34f0b03a021 120292 ghostscript_9.53.3~dfsg-7+deb11u1.debian.tar.xz
Files: 
 48775e509741196d9267f98382d49371 2864 text optional ghostscript_9.53.3~dfsg-7+deb11u1.dsc
 653da2a0bebf9949634c137da72d1e26 23948068 text optional ghostscript_9.53.3~dfsg.orig.tar.xz
 e097902e2b65b9f238c43c41ec5b564b 120292 text optional ghostscript_9.53.3~dfsg-7+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE6RLJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EbhMP/1LHmXAGw3LM40A6FQ9DLMeVKe3w+vEM
gMPWJo2jhqMu0Ga9V7FVgfw3cbpScQ7G3e1e0q+sFUNQMYIT+eWs+y0oSbfvOfwd
3KzRhXklc/lR/1Q55/zkYu4wVuM0lrEFPBo7r5dXDSHgm6aP4t+fXA0xLaDs0e3G
Yq27HOqOMvST2mQSCVfX1VVzAlfuRAOrgMbNnNaCZK/aPELuvW6OihiMzP23eMhY
a8pJL3LJgjARq5ODtEL0xOU3bKKDFiIk/L07jGZwQ8df05YhxteggEhIGic6cVIG
BiIQ963fZuNLV5+x18DMacnLY4GSLmM+ZNcLwYKakvOORZTDPc60X8rd631JMcv3
xxYeoBafirITnAqkpEG/JpiBz/YCzuPiry8IsXWnjXEoocykApE34gGHRFcwtnmm
FDFmAX/wf3paNtnFQZWFItk3HAC7w1sPUUKmzoHqJ4329bAsBKAqUwmjvw2lc2pz
UWR63biKtiax9THOF/AZJNeD6PFG53BWhKuufwtWjMBXPln1DgVyRJYyDjyy8atC
PDquAfH7uSNv6SKyG+W2LIXNe4c7NjixXMVlHQostQx20NU4hFMgd44tfTpOta/U
WxPF1LswJI456y0z6GFS//MVbUOM/m8BLs7H0ADNgy3C99oM9IpQPYmGBbzgSXXZ
s2kJHv7FcjNa
=NcKb
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: