Debian Package Tracker

general

source: ghostscript (source, text)
version: 9.21~dfsg-1
maintainer: Debian Printing Team (archive) [DMD] [LowNMU]
uploaders: Bastien ROUCARIÈS [DMD] – Michael Gilbert [DMD] – Jonas Smedegaard [DMD]
arch: all any
std-ver: 4.0.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 9.05~dfsg-6.3+deb7u2
o-o-sec: 9.05~dfsg-6.3+deb7u7
oldstable: 9.06~dfsg-2+deb8u5
old-sec: 9.06~dfsg-2+deb8u5
stable: 9.20~dfsg-3.2
testing: 9.21~dfsg-1
unstable: 9.21~dfsg-1

versioned links

9.05~dfsg-6.3+deb7u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.05~dfsg-6.3+deb7u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.06~dfsg-2+deb8u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.20~dfsg-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.21~dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

ghostscript
ghostscript-dbg
ghostscript-doc
ghostscript-x
libgs-dev
libgs9
libgs9-common

action needed

8 security issues in sid

high

There are 8 open security issues in sid.

8 important issues:

CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2017-9612: The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-11714: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Please fix them.

Created: 2017-04-03 Last update: 2017-08-17 07:26

8 security issues in buster

high

There are 8 open security issues in buster.

8 important issues:

CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2017-9612: The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-11714: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Please fix them.

Created: 2017-06-18 Last update: 2017-08-17 07:26

8 security issues in jessie

high

There are 8 open security issues in jessie.

7 important issues:

CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2017-11714: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2017-9612: The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

1 issue skipped by the security teams:

CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

Please fix them.

Created: 2017-03-21 Last update: 2017-08-17 07:26

8 security issues in stretch

high

There are 8 open security issues in stretch.

7 important issues:

CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2017-11714: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2017-9612: The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

1 issue skipped by the security teams:

CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

Please fix them.

Created: 2017-04-03 Last update: 2017-08-17 07:26

lintian reports 150 errors and 93 warnings

high

Lintian reports 150 errors and 93 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-06 Last update: 2017-07-28 06:07

Multiarch hinter reports 2 issue(s)

normal

There are issues with the multiarch metadata for this package.

ghostscript-doc could be marked Multi-Arch: foreign
ghostscript-dbg could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2017-08-23 01:41

2 bugs tagged help in the BTS

normal

The BTS contains 2 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2016-05-08 Last update: 2017-08-23 01:09

12 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 12 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-08-23 01:09

1 ignored security issue in wheezy

low

There is 1 open security issue in wheezy.

1 issue skipped by the security teams:

CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

Please fix it.

Created: 2017-03-21 Last update: 2017-08-17 07:26

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2016-04-08 Last update: 2016-11-29 12:56

news

[rss feed]

[2017-08-01] Accepted ghostscript 9.05~dfsg-6.3+deb7u7 (source all amd64) into oldoldstable (Markus Koschany)
[2017-06-25] ghostscript 9.21~dfsg-1 MIGRATED to testing (Debian testing watch)
[2017-06-19] Accepted ghostscript 9.21~dfsg-1 (source) into unstable (Jonas Smedegaard)
[2017-06-06] Accepted ghostscript 9.21~dfsg-1~exp1 (source) into experimental (Jonas Smedegaard)
[2017-05-24] ghostscript 9.20~dfsg-3.2 MIGRATED to testing (Debian testing watch)
[2017-05-22] Accepted ghostscript 9.20~dfsg-3.2 (all source) into unstable (Salvatore Bonaccorso)
[2017-05-07] Accepted ghostscript 9.05~dfsg-6.3+deb7u6 (source all amd64) into oldstable (Roberto C. Sanchez)
[2017-04-30] ghostscript 9.20~dfsg-3.1 MIGRATED to testing (Debian testing watch)
[2017-04-28] Accepted ghostscript 9.06~dfsg-2+deb8u5 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-04-28] Accepted ghostscript 9.20~dfsg-3.1 (all source) into unstable (Salvatore Bonaccorso)
[2017-04-20] Accepted ghostscript 9.05~dfsg-6.3+deb7u5 (source all amd64) into oldstable (Raphaël Hertzog)
[2017-03-31] ghostscript 9.20~dfsg-3 MIGRATED to testing (Debian testing watch)
[2017-03-22] Accepted ghostscript 9.20~dfsg-3 (source) into unstable (Jonas Smedegaard)
[2017-02-05] ghostscript 9.20~dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-01-25] Accepted ghostscript 9.20~dfsg-2 (source) into unstable (Jonas Smedegaard)
[2016-12-04] ghostscript 9.20~dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-11-29] Accepted ghostscript 9.20~dfsg-1 (source amd64 all) into unstable (Jonas Smedegaard)
[2016-11-18] Accepted ghostscript 9.20~dfsg-1~exp1 (source amd64 all) into experimental (Jonas Smedegaard)
[2016-11-04] ghostscript 9.19~dfsg-3.1 MIGRATED to testing (Debian testing watch)
[2016-10-29] Accepted ghostscript 9.06~dfsg-2+deb8u4 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-10-28] Accepted ghostscript 9.19~dfsg-3.1 (all source) into unstable (Salvatore Bonaccorso)
[2016-10-28] Accepted ghostscript 9.05~dfsg-6.3+deb7u4 (source all amd64) into oldstable (Roberto C. Sanchez)
[2016-10-25] Accepted ghostscript 9.05~dfsg-6.3+deb7u3 (source all amd64) into oldstable (Roberto C. Sanchez)
[2016-10-12] Accepted ghostscript 9.06~dfsg-2+deb8u3 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-10-12] Accepted ghostscript 9.06~dfsg-2+deb8u2 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-09-28] ghostscript 9.19~dfsg-3 MIGRATED to testing (Debian testing watch)
[2016-09-22] Accepted ghostscript 9.19~dfsg-3 (source) into unstable (Jonas Smedegaard)
[2016-08-17] ghostscript 9.19~dfsg-2 MIGRATED to testing (Debian testing watch)
[2016-08-11] Accepted ghostscript 9.19~dfsg-2 (source amd64 all) into unstable (Jonas Smedegaard)
[2016-03-30] ghostscript 9.19~dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 106 109
RC: 8
I&N: 65 67
M&W: 29 30
F&P: 4

links

homepage
lintian (150, 93)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 9.21~dfsg+1-0ubuntu1
33 bugs
patches for 9.21~dfsg+1-0ubuntu1