[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#584064: marked as done (texlive-base-bin: Security bugs in ghostscript)

Your message dated Tue, 1 Jun 2010 11:03:07 +0900
with message-id <20100601020307.GF1855@gamma.logic.tuwien.ac.at>
and subject line Re: Bug#584064: texlive-base-bin: Security bugs in ghostscript
has caused the Debian Bug report #584064,
regarding texlive-base-bin: Security bugs in ghostscript
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
584064: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584064
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: texlive-base-bin
Version: 2007.dfsg.2-4+lenny2
Severity: grave
Tags: security
Justification: user security hole


Please note remote execute-any-code security bugs in ghostscript:

  http://bugs.debian.org/583183

This package suggests ghostscript, and may be affected. Please
evaluate the security of this package, and fix if needed.

Thanks,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages texlive-base-bin depends on:
ii  ed                  0.7-3                The classic unix line editor
ii  libc6               2.7-18lenny2         GNU C Library: Shared libraries
ii  libgcc1             1:4.3.2-1.1          GCC support library
ii  libkpathsea4        2007.dfsg.2-4+lenny2 TeX Live: path search library for 
ii  libncurses5         5.7+20081213-1       shared libraries for terminal hand
ii  libpng12-0          1.2.27-2+lenny3      PNG library - runtime
ii  libpoppler3         0.8.7-3              PDF rendering library
ii  libstdc++6          4.3.2-1.1            The GNU Standard C++ Library v3
ii  libx11-6            2:1.1.5-2            X11 client-side library
ii  libxaw7             2:1.0.4-2            X11 Athena Widget library
ii  libxmu6             2:1.0.4-1            X11 miscellaneous utility library
ii  libxpm4             1:3.5.7-1            X11 pixmap library
ii  libxt6              1:1.0.5-3            X11 toolkit intrinsics library
ii  mime-support        3.44-1               MIME files 'mime.types' & 'mailcap
ii  perl                5.10.0-19lenny2      Larry Wall's Practical Extraction 
ii  tex-common          1.11.3               common infrastructure for building
ii  texlive-common      2007.dfsg.2-1~lenny2 TeX Live: Base component
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

Versions of packages texlive-base-bin recommends:
ii  texlive-base-bin-do 2007.dfsg.2-4+lenny2 TeX Live: Documentation files for 

Versions of packages texlive-base-bin suggests:
ii  evince [postscript 2.22.2-4~lenny1       Document (postscript, pdf) viewer
ii  ghostscript [posts 8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
ii  gv [postscript-vie 1:3.6.5-2             PostScript and PDF viewer for X
ii  kghostview [postsc 4:3.5.9-3+lenny3      PostScript viewer for KDE
ii  kpdf [pdf-viewer]  4:3.5.9-3+lenny3      PDF viewer for KDE
ii  perl-tk            1:804.028-1+b1        Perl module providing the Tk graph
ii  xpdf-reader [pdf-v 3.02-1.4+lenny2       Portable Document Format (PDF) sui
ii  xpdf-utils [pdf-vi 3.02-1.4+lenny2       Portable Document Format (PDF) sui

Versions of packages tex-common depends on:
ii  debconf                       1.5.24     Debian configuration management sy
ii  ucf                           3.0016     Update Configuration File: preserv

Versions of packages texlive-base-bin is related to:
ii  tetex-base          2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii  tetex-bin           2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii  tetex-extra         2007.dfsg.2-1~lenny2 TeX Live: teTeX transitional packa
ii  tex-common          1.11.3               common infrastructure for building

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
On Di, 01 Jun 2010, Paul Szabo wrote:
> Justification: user security hole
> 
> 
> Please note remote execute-any-code security bugs in ghostscript:
> 
>   http://bugs.debian.org/583183
> 
> This package suggests ghostscript, and may be affected. Please
> evaluate the security of this package, and fix if needed.

Yes, you have reported that problem with ghostscript. SO why open
a bug report on texlive if it *suggests* ghostscriopt?

Please understand the meaning of bugs first before you create bug
reports.

Closing this bug. If it is (I cannot decide on that) it is a bug of
ghostscript, which has already been reported.

Best wishes

Norbert
------------------------------------------------------------------------
Norbert Preining            preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan                                 TeX Live & Debian Developer
DSA: 0x09C5B094   fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
BOOLTEENS
The small scatterings of foreign coins and half-p's which inhabit
dressing tables. Since they are never used and never thrown away
boolteens account for a significant drain on the world's money supply.
			--- Douglas Adams, The Meaning of Liff

--- End Message ---
Reply to: